PT-2001-1521 · Php · Php-Nuke
Publicado
2001-04-04
·
Atualizado
2008-09-05
·
CVE-2001-0292
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
PHP-Nuke version 4.4.1a
Description
The issue allows remote attackers to modify a user's email address and obtain the password by guessing the
user id and calling "user.php" with the saveuser operator.Recommendations
For PHP-Nuke version 4.4.1a, consider restricting access to the "user.php" endpoint with the
saveuser operator until a patch is available. As a temporary workaround, implement additional validation and security measures to prevent unauthorized modifications to user email addresses and passwords.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Php-Nuke