PT-2003-1157 · Unknown · Syguestbook
Publicado
2003-03-18
·
Atualizado
2008-09-05
·
CVE-2002-1410
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Easy Guestbook (affected versions not specified)
Description
The issue concerns a lack of authentication for administrators in Easy Guestbook CGI programs. This allows remote attackers to perform certain actions without proper authorization. Specifically, attackers can delete entries by directly accessing the
admin.cgi endpoint or reconfigure the Guestbook by directly accessing the config.cgi endpoint.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Syguestbook