CVE-2008-2682 Information

Description

_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote attackers to bypass authentication and access admin pages via certain modified cookies probably including (1) cUserRole (2) cUserName and (3) cUserID.

Reference

http://bugreport.ir/index.php?/40 http://secunia.com/advisories/30583 http://www.securityfocus.com/bid/29616 https://exchange.xforce.ibmcloud.com/vulnerabilities/42960 https://www.exploit-db.com/exploits/5766