Lucene search
MitreCVE-2008-1971HistoryApr 27, 2008 - 6:05 p.m.
CVE-2008-1971
2008-04-2718:05:00
CWE-287
mitre
web.nvd.nist.gov
24
cve-2008-1971
phshoutbox
password security
remote attackers
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7
Confidence
High
EPSS
0.023
Percentile
89.7%
phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST, which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and earlier, the ssbadmin cookie to shoutadmin.php.
Affected configurations
Node
phphqphshoutbox_finalRange≤1.5
| Vendor | Product | Version | CPE |
|---|---|---|---|
| phphq | phshoutbox_final | * | cpe:2.3:a:phphq:phshoutbox_final:*:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2008-1971
2008-04-27 18:05:00
exploitdb
exploitdb
PhShoutBox 1.5 - Insecure Cookie Handling
2008-04-18 00:00:00
prion
prion
Default credentials
2008-04-27 18:05:00
cvelist
cvelist
CVE-2008-1971
2008-04-27 18:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7
Confidence
High
EPSS
0.023
Percentile
89.7%
Related for CVE-2008-1971