CVE-2009-4927

WB News 2.1.2 - Unauthenticated Authentication Bypass via WBNEWS Cookie

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4927. PoCs published by ThE g0bL!N.

AI-analyzed exploit summary This exploit demonstrates an insecure cookie handling vulnerability in wb news 2.1.2, allowing an attacker to set arbitrary cookie values via JavaScript to potentially bypass authentication.

Description

WB News 2.1.2 allows remote attackers to bypass authentication and gain administrative access via a modified WBNEWS cookie, as demonstrated by setting this cookie to 1.

Exploits (1)

exploitdb WORKING POC VERIFIED
by ThE g0bL!N · textwebappsphp
https://www.exploit-db.com/exploits/8492

This exploit demonstrates an insecure cookie handling vulnerability in wb news 2.1.2, allowing an attacker to set arbitrary cookie values via JavaScript to potentially bypass authentication.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: wb news 2.1.2
No auth needed
Prerequisites: Access to a victim's browser session to execute JavaScript
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/8492
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34609
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34822

Scores

EPSS 0.0248
EPSS Percentile 82.5%

Details

CWE
CWE-287
Status published
Products (1)
webmobo/wbnews 2.1.2
Published Jul 12, 2010
Tracked Since Feb 18, 2026