CVE-2008-7024 Information

Description

admin.php in Arz Development The Gemini Portal 4.7 and earlier allows remote attackers to bypass authentication and gain administrator privileges by setting the user cookie to \admin\ and setting the name parameter to \users.\

Reference

http://osvdb.org/48639 http://secunia.com/advisories/32057 http://www.securityfocus.com/archive/1/496761/100/0/threaded http://www.securityfocus.com/bid/31429 https://exchange.xforce.ibmcloud.com/vulnerabilities/45439 https://www.exploit-db.com/exploits/6584