PT-2005-2979 · Cool Cafe · Cool Cafe Chat

Donnie Werner

Published

2005-06-16

Updated

2020-02-10

CVE-2005-2036

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Cool Cafe Chat version 1.2.1

Description The issue allows remote attackers to obtain sensitive information, including the administrator password and email address, by modifying the nickname value in the modifyUser.asp file.

Recommendations For Cool Cafe Chat version 1.2.1, consider restricting access to the modifyUser.asp file until a patch is available, and avoid using the nickname value in the affected file to minimize the risk of exploitation.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2005-2036

Affected Products

Cool Cafe Chat

PT-2005-2979 · Cool Cafe · Cool Cafe Chat

CVE-2005-2036

Weakness Enumeration

Related Identifiers

Affected Products

References · 4