// For flags

CVE-2008-3317

Maian Search 1.1 - Insecure Cookie Handling

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie.

admin/index.php en Maian Search 1.1 y versiones anteriores, permite a atacantes remotos evitar la autenticación y conseguir acceso administrativo mediante en envío de una cookie search_cookie arbitraria.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-07-25 CVE Reserved
  • 2008-07-25 CVE Published
  • 2024-03-10 EPSS Updated
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-287: Improper Authentication
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Maian Script World
Search vendor "Maian Script World"
 Maian Search
Search vendor "Maian Script World" for product "Maian Search"
 <= 1.1
Search vendor "Maian Script World" for product "Maian Search" and version " <= 1.1"
-
Affected
Maian Script World
Search vendor "Maian Script World"
 Maian Search
Search vendor "Maian Script World" for product "Maian Search"
 1.0
Search vendor "Maian Script World" for product "Maian Search" and version "1.0"
-
Affected