CVE-2009-0412

CVE-2009-0412 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt.

Learn more about our Web Application Penetration Testing UK.