{ "id": "CVE-2008-7024", "sourceIdentifier": "cve@mitre.org", "published": "2009-08-21T14:30:00.563", "lastModified": "2018-10-11T20:58:03.503", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "admin.php in Arz Development The Gemini Portal 4.7 and earlier allows remote attackers to bypass authentication and gain administrator privileges by setting the user cookie to \"admin\" and setting the name parameter to \"users\"." }, { "lang": "es", "value": "admin.php en Arz Development The Gemini Portal 4.7 y versiones anteriores permite a atacantes remotos saltarse la autenticaci\u00f3n y obtener privilegios administrativos fijando la cookie \"user\" con el valor \"admin\" y el par\u00e1metro \"name\" con el valor \"users\"." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.8 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-264" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:arzdev:gemini_lite:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "7B7BD679-7E52-49F8-826B-C1205DEF7D97" }, { "vulnerable": true, "criteria": "cpe:2.3:a:arzdev:gemini_lite:3.6:*:*:*:*:*:*:*", "matchCriteriaId": "81810F8F-C549-473C-BCD0-2536E9813336" }, { "vulnerable": true, "criteria": "cpe:2.3:a:arzdev:gemini_portal:4.7:*:*:*:*:*:*:*", "matchCriteriaId": "5F1E5188-5F3E-4741-A6DF-FE1C2FB5B6B1" } ] } ] } ], 
"references": [ { "url": "http://www.securityfocus.com/archive/1/496761/100/0/threaded", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/bid/31429", "source": "cve@mitre.org", "tags": [ "Exploit" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45439", "source": "cve@mitre.org" }, { "url": "https://www.exploit-db.com/exploits/6584", "source": "cve@mitre.org" } ] }