CVE-2009-0412

Publication date

2009-02-03 20:00:00

Family

mitre

State

PUBLISHED

Description

The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt.