CVE-2008-2682

critical

Description

_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote attackers to bypass authentication and access admin pages via certain modified cookies, probably including (1) cUserRole, (2) cUserName, and (3) cUserID.

References

https://www.exploit-db.com/exploits/5766

https://exchange.xforce.ibmcloud.com/vulnerabilities/42960

http://www.securityfocus.com/bid/29616

http://secunia.com/advisories/30583

Details

Source: Mitre, NVD

Published: 2008-06-12

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.02375