Lucene search

MitreCVE-2002-1087

HistoryOct 04, 2002 - 4:00 a.m.

CVE-2002-1087

2002-10-0404:00:00

mitre

web.nvd.nist.gov

cve-2002-1087

credential check bypass

remote attack

http post request

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

7.2

Confidence

Low

EPSS

0.002

Percentile

54.0%

JSON

The scripts (1) createdir.php, (2) removedir.php and (3) uploadfile.php for ezContents 1.41 and earlier do not check credentials, which allows remote attackers to create or delete directories and upload files via a direct HTTP POST request.

Affected configurations

Nvd

Node

visualshapersezcontentsRange≤1.41

VendorProductVersionCPE
visualshapersezcontents*cpe:2.3:a:visualshapers:ezcontents:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
visualshapers	ezcontents	*	cpe:2.3:a:visualshapers:ezcontents::::::::

References

archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html

online.securityfocus.com/archive/1/284229

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

7.2

Confidence

Low

EPSS

0.002

Percentile

54.0%

JSON

Related for CVE-2002-1087