PT-2003-1511 · One||Zero · One/Zero Helpdesk

Frog Man

·

Published

2003-05-17

·

Updated

2016-10-18

·

CVE-2003-0304

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: one||zero (aka One or Zero) Helpdesk version 1.4 rc4
Description: The issue allows remote attackers to create administrator accounts by directly calling the "install.php" Helpdesk Installation script.
Recommendations: For version 1.4 rc4, restrict access to the install.php script to prevent unauthorized creation of administrator accounts.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CVE-2003-0304

Affected Products

One/Zero Helpdesk