CVE-2008-4714 - Vulnerability Details - OpenCVE

Atomic Photo Album 1.1.0 pre4 does not properly handle the apa_cookie_login and apa_cookie_password cookies, which probably allows remote attackers to bypass authentication and gain administrative access via modified cookies.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Atomic Photo Album	Atomic Photo Album

Configuration 1 [-]

cpe:2.3:a:atomic_photo_album:atomic_photo_album:1.1.0:pre4:*:*:*:*:*:*

No data.

References

Link	Providers
http://securityreason.com/securityalert/4497
http://www.securityfocus.com/bid/31427
https://www.exploit-db.com/exploits/6580

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-10-23T17:00:00

Updated: 2024-08-07T10:24:20.982Z

Reserved: 2008-10-23T00:00:00

Link: CVE-2008-4714

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-10-23T17:17:14.887

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-4714

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-09-26T00:00:00", "descriptions": [{"lang": "en", "value": "Atomic Photo Album 1.1.0 pre4 does not properly handle the apa_cookie_login and apa_cookie_password cookies, which probably allows remote attackers to bypass authentication and gain administrative access via modified cookies."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "6580", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/6580"}, {"name": "31427", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31427"}, {"name": "4497", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4497"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2008-4714", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Atomic Photo Album 1.1.0 pre4 does not properly handle the apa_cookie_login and apa_cookie_password cookies, which probably allows remote attackers to bypass authentication and gain administrative access via modified cookies."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "6580", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6580"}, {"name": "31427", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31427"}, {"name": "4497", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4497"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:24:20.982Z"}, "title": "CVE Program Container", "references": [{"name": "6580", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/6580"}, {"name": "31427", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/31427"}, {"name": "4497", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/4497"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4714", "datePublished": "2008-10-23T17:00:00", "dateReserved": "2008-10-23T00:00:00", "dateUpdated": "2024-08-07T10:24:20.982Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atomic_photo_album:atomic_photo_album:1.1.0:pre4:*:*:*:*:*:*", "matchCriteriaId": "FAFA4F11-4FCF-4DC0-82EB-DC791F20F25C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Atomic Photo Album 1.1.0 pre4 does not properly handle the apa_cookie_login and apa_cookie_password cookies, which probably allows remote attackers to bypass authentication and gain administrative access via modified cookies."}, {"lang": "es", "value": "Atomic Photo Album 1.1.0 pre4 no maneja correctamente las cookies apa_cookie_login y apa_cookie_password, lo que probablemente permita a atacantes remotos evitar la autentificaci\u00f3n y obtener acceso de administrador mediante cookies modificadas."}], "id": "CVE-2008-4714", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-10-23T17:17:14.887", "references": [{"source": "[email protected]", "url": "http://securityreason.com/securityalert/4497"}, {"source": "[email protected]", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/31427"}, {"source": "[email protected]", "url": "https://www.exploit-db.com/exploits/6580"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4497"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/31427"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6580"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "[email protected]", "type": "Primary"}]}