Unrated severityNVD Advisory· Published Feb 3, 2009· Updated Apr 23, 2026

CVE-2009-0412

Description

The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt.

Affected products

Interspire/Shopping Cart
cpe:2.3:a:interspire:shopping_cart:4.0.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/archive/1/499967/100/0/threadednvd
www.securityfocus.com/bid/33212nvd
www.securitytracker.com/idnvd
exchange.xforce.ibmcloud.com/vulnerabilities/47899nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000