PT-2006-1280 · Mini Nuke · Mini-Nuke Cms System

Mustafa Can Bjorn Ipekci

Publicado

2006-01-13

Atualizado

2018-10-19

CVE-2006-0203

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Mini-Nuke CMS System versions 1.8.2 and earlier

Description The issue allows remote attackers to change the passwords of other members without verifying the old password. This can be achieved via a lostpassnew action with a modified x parameter in the membership.asp file.

Recommendations For Mini-Nuke CMS System versions 1.8.2 and earlier, consider disabling the lostpassnew action in the membership.asp file until a patch is available. Restrict access to the membership.asp file to minimize the risk of exploitation. Avoid using the x parameter in the lostpassnew action until the issue is resolved.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2006-0203

Produtos afetados

Mini-Nuke Cms System

PT-2006-1280 · Mini Nuke · Mini-Nuke Cms System

CVE-2006-0203

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10