CVE-2009-2382

CRITICAL

phpMyBlockchecker 1.0.0055 - Auth Bypass

Title source: llm

Description

admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN.

Exploits (1)

exploitdb WORKING POC VERIFIED

by SirGod · textwebappsphp

https://www.exploit-db.com/exploits/9053

View Code ZIP pw:eip

References (4)

[Broken Link, Exploit] http://osvdb.org/55505

[Broken Link, Vendor Advisory] http://secunia.com/advisories/35660

[Exploit, Third Party Advisory, VDB Entry] http://www.exploit-db.com/exploits/9053

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/51445

Scores

CVSS v3 9.8

EPSS 0.0335

EPSS Percentile 87.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-287

Status draft

Affected Products (1)

jay-jayx0r/phpmyblockchecker

Timeline

Published Jul 08, 2009

Tracked Since Feb 18, 2026