CVE-2009-0412

critical

Description

The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/47899

http://www.securitytracker.com/id?1021557

http://www.securityfocus.com/bid/33212

http://www.securityfocus.com/archive/1/499967/100/0/threaded

Details

Source: Mitre, NVD

Published: 2009-02-03

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00383