CWE-287
Improper Authentication
Description
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-114 · CAPEC-115 · CAPEC-151 · CAPEC-194 · CAPEC-22 · CAPEC-57 · CAPEC-593 · CAPEC-633 · CAPEC-650 · CAPEC-94
CVEs mapped to this weakness (2,419)
page 79 of 121| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-6118 | 0.03 | — | 0.03 | Feb 11, 2009 | win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1. | |||
| CVE-2009-0461 | 0.03 | — | 0.03 | Feb 10, 2009 | Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie. | |||
| CVE-2009-0460 | 0.03 | — | 0.03 | Feb 10, 2009 | Whole Hog Ware Support 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie. | |||
| CVE-2008-6092 | 0.03 | — | 0.03 | Feb 9, 2009 | phpscripts Ranking Script allows remote attackers to bypass authentication and gain administrative access by sending an admin=ja cookie. | |||
| CVE-2008-6045 | 0.03 | — | 0.03 | Feb 3, 2009 | Session fixation vulnerability in shopping_cart.php in xt:Commerce 3.0.4 and earlier allows remote attackers to hijack web sessions by setting the XTCsid parameter. | |||
| CVE-2008-6039 | 0.03 | — | 0.02 | Feb 3, 2009 | Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |||
| CVE-2008-6009 | 0.03 | — | 0.03 | Jan 30, 2009 | SG Real Estate Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the Auth cookie to 1. | |||
| CVE-2009-0280 | 0.03 | — | 0.03 | Jan 27, 2009 | Asp Project Management 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the crypt cookie to 1. | |||
| CVE-2008-5967 | 0.03 | — | 0.03 | Jan 26, 2009 | admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root. | |||
| CVE-2008-5945 | 0.03 | — | 0.02 | Jan 22, 2009 | Nukeviet 2.0 Beta allows remote attackers to bypass authentication and gain administrative access by setting the admf cookie to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||
| CVE-2008-5880 | 0.03 | — | 0.03 | Jan 8, 2009 | admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "ok". | |||
| CVE-2008-5783 | 0.03 | — | 0.03 | Dec 31, 2008 | admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. | |||
| CVE-2008-5708 | 0.03 | — | 0.03 | Dec 24, 2008 | redirect.php in SlimCMS 1.0.0 does not require authentication, which allows remote attackers to create administrative users by using the newusername and newpassword parameters and setting the newisadmin parameter to 1. | |||
| CVE-2008-5576 | 0.03 | — | 0.03 | Dec 15, 2008 | admin/forums.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote attackers to bypass authentication and gain administrative access via a large value of the current_user[users_level] parameter. | |||
| CVE-2008-5497 | 0.03 | — | 0.03 | Dec 12, 2008 | BandSite CMS 1.1.4 allows remote attackers to bypass authentication and gain administrative access by setting the login_auth cookie to true. | |||
| CVE-2008-5221 | 0.03 | — | 0.03 | Nov 25, 2008 | The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype… | |||
| CVE-2008-5125 | 0.03 | — | 0.02 | Nov 18, 2008 | admin.php in CCleague Pro 1.2 allows remote attackers to bypass authentication by setting the type cookie value to admin. | |||
| CVE-2008-5065 | 0.03 | — | 0.03 | Nov 13, 2008 | TlGuestBook 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlGuestBook_login cookie to admin. | |||
| CVE-2008-5042 | 0.03 | — | 0.03 | Nov 12, 2008 | Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to bypass authentication and perform administrative tasks via a direct request to admin/home.php. | |||
| CVE-2008-5040 | 0.03 | — | 0.03 | Nov 12, 2008 | Graphiks MyForum 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the (1) myforum_login and (2) myforum_pass cookies to 1. |
- CVE-2008-6118Feb 11, 2009risk 0.03cvss —epss 0.03
win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1.
- CVE-2009-0461Feb 10, 2009risk 0.03cvss —epss 0.03
Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.
- CVE-2009-0460Feb 10, 2009risk 0.03cvss —epss 0.03
Whole Hog Ware Support 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.
- CVE-2008-6092Feb 9, 2009risk 0.03cvss —epss 0.03
phpscripts Ranking Script allows remote attackers to bypass authentication and gain administrative access by sending an admin=ja cookie.
- CVE-2008-6045Feb 3, 2009risk 0.03cvss —epss 0.03
Session fixation vulnerability in shopping_cart.php in xt:Commerce 3.0.4 and earlier allows remote attackers to hijack web sessions by setting the XTCsid parameter.
- CVE-2008-6039Feb 3, 2009risk 0.03cvss —epss 0.02
Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
- CVE-2008-6009Jan 30, 2009risk 0.03cvss —epss 0.03
SG Real Estate Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the Auth cookie to 1.
- CVE-2009-0280Jan 27, 2009risk 0.03cvss —epss 0.03
Asp Project Management 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the crypt cookie to 1.
- CVE-2008-5967Jan 26, 2009risk 0.03cvss —epss 0.03
admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root.
- CVE-2008-5945Jan 22, 2009risk 0.03cvss —epss 0.02
Nukeviet 2.0 Beta allows remote attackers to bypass authentication and gain administrative access by setting the admf cookie to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2008-5880Jan 8, 2009risk 0.03cvss —epss 0.03
admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "ok".
- CVE-2008-5783Dec 31, 2008risk 0.03cvss —epss 0.03
admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
- CVE-2008-5708Dec 24, 2008risk 0.03cvss —epss 0.03
redirect.php in SlimCMS 1.0.0 does not require authentication, which allows remote attackers to create administrative users by using the newusername and newpassword parameters and setting the newisadmin parameter to 1.
- CVE-2008-5576Dec 15, 2008risk 0.03cvss —epss 0.03
admin/forums.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote attackers to bypass authentication and gain administrative access via a large value of the current_user[users_level] parameter.
- CVE-2008-5497Dec 12, 2008risk 0.03cvss —epss 0.03
BandSite CMS 1.1.4 allows remote attackers to bypass authentication and gain administrative access by setting the login_auth cookie to true.
- CVE-2008-5221Nov 25, 2008risk 0.03cvss —epss 0.03
The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype…
- CVE-2008-5125Nov 18, 2008risk 0.03cvss —epss 0.02
admin.php in CCleague Pro 1.2 allows remote attackers to bypass authentication by setting the type cookie value to admin.
- CVE-2008-5065Nov 13, 2008risk 0.03cvss —epss 0.03
TlGuestBook 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlGuestBook_login cookie to admin.
- CVE-2008-5042Nov 12, 2008risk 0.03cvss —epss 0.03
Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to bypass authentication and perform administrative tasks via a direct request to admin/home.php.
- CVE-2008-5040Nov 12, 2008risk 0.03cvss —epss 0.03
Graphiks MyForum 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the (1) myforum_login and (2) myforum_pass cookies to 1.