PT-2000-2007 · Phorum · Phorum

Publicado

2000-12-31

Atualizado

2008-09-05

CVE-2000-1228

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Phorum version 3.0.7

Description The issue allows remote attackers to change the administrator password without authentication. This is achieved by sending an HTTP request for "admin.php3" that sets the step, option, confirm, and newPssword variables.

Recommendations For Phorum version 3.0.7, update to a newer version that contains a fix for this issue, as using the current version allows unauthorized password changes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2000-1228

Produtos afetados

Phorum

PT-2000-2007 · Phorum · Phorum

CVE-2000-1228

Identificadores relacionados

Produtos afetados

Referências · 7