PT-2004-3093 · Unknown · Duclassmate
Publicado
2004-12-31
·
Atualizado
2017-07-11
·
CVE-2004-2198
CVSS v2.0
6.4
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
DUclassmate versions 1.0 through 1.1
Description
The issue allows remote attackers to change passwords for arbitrary users. This is achieved by modifying the
MM recordId parameter on the "My Account" page, which is part of the account.asp component.Recommendations
For versions 1.0 through 1.1, avoid using the
MM recordId parameter in the account.asp page until the issue is resolved. As a temporary workaround, consider restricting access to the account.asp page to minimize the risk of exploitation.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Duclassmate