VYPR
Unrated severityNVD Advisory· Published Feb 3, 2009· Updated Jun 16, 2026

CVE-2009-0412

CVE-2009-0412

Description

The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt.

Affected products

2
  • cpe:2.3:a:interspire:shopping_cart:4.0.1:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:interspire:shopping_cart:4.0.1:*:*:*:*:*:*:*
    • (no CPE)range: 4.0.1 Ultimate edition

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.