CVE-2009-0412

The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt.

Date published : 2009-02-03

http://www.securityfocus.com/bid/33212

http://www.securityfocus.com/archive/1/499967/100/0/threaded