CVE-2012-1602

Nextbbs - Authentication Bypass

Title source: rule

Description

user.php in NextBBS 0.6 allows remote attackers to bypass authentication and gain administrator access by setting the userkey cookie to 1.

References (7)

[Exploit] http://archives.neohapsis.com/archives/bugtraq/2012-03/0135.html

[Exploit] http://packetstormsecurity.org/files/111250/NextBBS-0.6.0-Authentication-Bypass-SQL-Injection-XSS.html

[Exploit] http://www.openwall.com/lists/oss-security/2012/03/29/8

[Exploit] http://www.openwall.com/lists/oss-security/2012/03/30/2

[Third Party Advisory, VDB Entry] http://www.osvdb.org/80626

[Exploit] http://www.securityfocus.com/bid/52728

[Exploit] http://www.waraxe.us/advisory-80.html

Scores

EPSS 0.0028

EPSS Percentile 51.5%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

nextbbs/nextbbs

Timeline

Published Oct 01, 2012

Tracked Since Feb 18, 2026