CVE-2010-1040
OpenPNE 1.6-1.8 2.0-2.8 2.10-2.14 3.0-3.4 - Unauthenticated Simple Login Bypass via IP Address Spoofing
Title source: llmDescription
The "IP address range limitation" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the "simple login" functionality via unknown vectors related to spoofing.
References (5)
Core 5
Core References
Various Sources x_refsource_misc
http://www.ipa.go.jp/security/vuln/alert/201003_openpne.html
Vendor Advisory x_refsource_confirm
http://www.openpne.jp/archives/4612/
Third Party Advisory third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000006.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38857
Third Party Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN06874657/index.html
Scores
EPSS
0.0107
EPSS Percentile
60.7%
Details
CWE
CWE-287
Status
published
Products (50)
tejimaya/openpne
1.6
tejimaya/openpne
1.8
tejimaya/openpne
2.3.0
tejimaya/openpne
2.3.1
tejimaya/openpne
2.3.3
tejimaya/openpne
2.3.4
tejimaya/openpne
2.4.0
tejimaya/openpne
2.4.1
tejimaya/openpne
2.4.2
tejimaya/openpne
2.4.3
... and 40 more
Published
Mar 23, 2010
Tracked Since
Feb 18, 2026