PT-2009-2624 · Netrisk · Netrisk
Publicado
2009-09-02
·
Atualizado
2017-08-17
·
CVE-2008-7155
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
NetRisk version 1.9.7
Description
The issue allows remote attackers to change the password of arbitrary users by making a direct request to the "admin/change submit.php" endpoint. This is due to improper access restrictions.
Recommendations
For NetRisk version 1.9.7, restrict access to the "admin/change submit.php" endpoint to prevent unauthorized password changes. Consider implementing proper access controls to mitigate the risk of exploitation.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Netrisk