PT-2009-1943 · Blogator · Blogator-Script
Published
2009-03-16
·
Updated
2018-10-11
·
CVE-2008-6473
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Blogator-script version 0.95
Description
The issue allows remote attackers to change the password for arbitrary users. This is achieved by modifying the
a parameter and using a % wildcard symbol in the b parameter in the blogadata/include/init pass2.php file.Recommendations
For Blogator-script version 0.95, consider restricting access to the
blogadata/include/init pass2.php file until a patch is available. As a temporary workaround, avoid using the % wildcard symbol in the b parameter to minimize the risk of exploitation.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Blogator-Script