In Interspire Email Marketer (IEM) prior to 6.1.6, the function in init.php that checks whether the user is already logged in allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a specially crafted value.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2017/Oct/39 | Mailing List Third Party Advisory |
https://security.infoteam.ch/en/blog/posts/narrative-of-an-incident-response-from-compromise-to-the-publication-of-the-weakness.html | Broken Link |
https://www.exploit-db.com/exploits/44513/ | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-10-18T18:00:00
Updated: 2018-04-26T09:57:01
Reserved: 2017-09-12T00:00:00
Link: CVE-2017-14322
NVD Information
Status: Analyzed
Published: 2017-10-18T18:29:00.393
Modified: 2019-05-10T17:49:19.940
Link: CVE-2017-14322
Redhat Information
No data.
CWE