CVE-2009-3904

CubeCart 4.3.4 - Auth Bypass

Title source: llm

Description

classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote attackers to bypass restrictions and gain administrative access via a HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2) X_CLUSTER_CLIENT_IP header, or (3) User-Agent header.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Bogdan Calin · textwebappsphp

https://www.exploit-db.com/exploits/9875

View Code ZIP pw:eip

References (9)

Core 9

Core References

Exploit x_refsource_misc

http://www.acunetix.com/blog/websecuritynews/cubecart-4-session-management-bypass-leads-to-administrator-access/

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/54062

Exploit vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1023120

Patch, Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/3113

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/507594/100/0/threaded

Various Sources x_refsource_confirm

http://forums.cubecart.com/index.php?showtopic=39691?read=1

Patch x_refsource_confirm

http://forums.cubecart.com/index.php?showtopic=39748

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/37197

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/36882

Scores

EPSS 0.0518

EPSS Percentile 89.9%

Details

CWE

CWE-264

Status published

Products (1)

cubecart/cubecart 4.3.4

Published Nov 06, 2009

Tracked Since Feb 18, 2026