CVE-2009-4987

Scripteen Free Image Hosting Script 2.3 - Unauthenticated Authentication Bypass via cookgid Cookie

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4987. PoCs published by Qabandi.

AI-analyzed exploit summary: This exploit demonstrates an insecure cookie handling vulnerability in Scripteen Free Image Hosting Script V2.3, allowing an attacker to bypass authentication by setting the 'cookgid' cookie to '1'.

Description

admin/header.php in Scripteen Free Image Hosting Script 2.3 allows remote attackers to bypass authentication and gain administrative access by setting the cookgid cookie value to 1, a different vector than CVE-2008-3211.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Qabandi · text · webapps · php
https://www.exploit-db.com/exploits/9256

Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Scripteen Free Image Hosting Script V2.3
No auth needed
Prerequisites: Access to the target application's cookie settings
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36002
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/9256
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35801
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/56539
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/51996

Scores

EPSS 0.0655
EPSS Percentile 92.9%

Details

CWE CWE-287
Status published
Products (1)
scripteen/free_image_hosting_script 2.3
Published Aug 25, 2010
Tracked Since Feb 18, 2026