_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote attackers to bypass authentication and access admin pages via certain modified cookies, probably including (1) cUserRole, (2) cUserName, and (3) cUserID.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Realm_cms | Realm_project | 2.3 (including) | 2.3 (including) |
References
- http://bugreport.ir/index.php?/40
- http://secunia.com/advisories/30583
- http://www.securityfocus.com/bid/29616
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42960
- https://www.exploit-db.com/exploits/5766
- http://bugreport.ir/index.php?/40
- http://secunia.com/advisories/30583
- http://www.securityfocus.com/bid/29616
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42960
- https://www.exploit-db.com/exploits/5766