CVE-2008-6965 Information

Description

AJ Square AJ Auction OOPD Pro Platinum Skin 1 Pro Platinum Skin 2 and Web 2.0 send a redirect but do not exit when certain scripts are called directly which allows remote attackers to bypass authentication via a direct request to (1) site.php (2) auction.php (3) mail.php (4) fee_setting.php (5) earnings.php (6) insertion_fee_settings.php (7) custom_category.php (8) subcategory.php (9) category.php (10) report.php (11) store_manager.php and (12) choose_sell_format.php in admin/ and possibly other vectors.

Reference

http://www.securityfocus.com/bid/32243 https://exchange.xforce.ibmcloud.com/vulnerabilities/46528 https://www.exploit-db.com/exploits/7087