PT-2005-2979 · Cool Cafe · Cool Cafe Chat

Donnie Werner

Publicado

2005-06-16

Atualizado

2020-02-10

CVE-2005-2036

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Cool Cafe Chat version 1.2.1

Description The issue allows remote attackers to obtain sensitive information, including the administrator password and email address, by modifying the nickname value in the modifyUser.asp file.

Recommendations For Cool Cafe Chat version 1.2.1, consider restricting access to the modifyUser.asp file until a patch is available, and avoid using the nickname value in the affected file to minimize the risk of exploitation.

Exploit

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2005-2036

Produtos afetados

Cool Cafe Chat

PT-2005-2979 · Cool Cafe · Cool Cafe Chat

CVE-2005-2036

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4