CVE-2008-5497 - Vulnerability Details - OpenCVE

BandSite CMS 1.1.4 allows remote attackers to bypass authentication and gain administrative access by setting the login_auth cookie to true.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bandsitecms	Bandsite Cms

Configuration 1 [-]

cpe:2.3:a:bandsitecms:bandsite_cms:1.1.4:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://securityreason.com/securityalert/4716
http://www.securityfocus.com/bid/32295
https://exchange.xforce.ibmcloud.com/vulnerabilities/46601
https://www.exploit-db.com/exploits/7113

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-12-12T16:00:00

Updated: 2024-08-07T10:56:47.237Z

Reserved: 2008-12-12T00:00:00

Link: CVE-2008-5497

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-12-12T16:30:00.920

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-5497

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-11-13T00:00:00", "descriptions": [{"lang": "en", "value": "BandSite CMS 1.1.4 allows remote attackers to bypass authentication and gain administrative access by setting the login_auth cookie to true."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "7113", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/7113"}, {"name": "32295", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/32295"}, {"name": "bandsitecms-loginauth-security-bypass(46601)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46601"}, {"name": "4716", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4716"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5497", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "BandSite CMS 1.1.4 allows remote attackers to bypass authentication and gain administrative access by setting the login_auth cookie to true."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "7113", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/7113"}, {"name": "32295", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32295"}, {"name": "bandsitecms-loginauth-security-bypass(46601)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46601"}, {"name": "4716", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4716"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:56:47.237Z"}, "title": "CVE Program Container", "references": [{"name": "7113", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/7113"}, {"name": "32295", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/32295"}, {"name": "bandsitecms-loginauth-security-bypass(46601)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46601"}, {"name": "4716", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/4716"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5497", "datePublished": "2008-12-12T16:00:00", "dateReserved": "2008-12-12T00:00:00", "dateUpdated": "2024-08-07T10:56:47.237Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bandsitecms:bandsite_cms:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "F8FB4148-30D8-4E37-B030-3DC913277714", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "BandSite CMS 1.1.4 allows remote attackers to bypass authentication and gain administrative access by setting the login_auth cookie to true."}, {"lang": "es", "value": "BandSite CMS v1.1.4 permite a atacantes remotos eludir el proceso de autenticaci\u00f3n y obtener permisos de administraci\u00f3n configurando la cookie login_auth como true."}], "id": "CVE-2008-5497", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-12-12T16:30:00.920", "references": [{"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4716"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/32295"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46601"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/7113"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4716"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/32295"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46601"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/7113"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}