PT-2006-1280 · Mini Nuke · Mini-Nuke Cms System

Mustafa Can Bjorn Ipekci

Published

2006-01-13

Updated

2018-10-19

CVE-2006-0203

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Mini-Nuke CMS System versions 1.8.2 and earlier

Description The issue allows remote attackers to change the passwords of other members without verifying the old password. This can be achieved via a lostpassnew action with a modified x parameter in the membership.asp file.

Recommendations For Mini-Nuke CMS System versions 1.8.2 and earlier, consider disabling the lostpassnew action in the membership.asp file until a patch is available. Restrict access to the membership.asp file to minimize the risk of exploitation. Avoid using the x parameter in the lostpassnew action until the issue is resolved.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2006-0203

Affected Products

Mini-Nuke Cms System

PT-2006-1280 · Mini Nuke · Mini-Nuke Cms System

CVE-2006-0203

Weakness Enumeration

Related Identifiers

Affected Products

References · 10