Lucene search

[email protected]NVD:CVE-2002-0286

HistoryMay 31, 2002 - 4:00 a.m.

CVE-2002-0286

2002-05-3104:00:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.012

Percentile

85.4%

JSON

The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for an empty password to add_user.php, which causes GetPassword to produce and compare a blank password for the non-existent user.

Affected configurations

Nvd

Node

sitenewssitenewsMatch0.01_beta

sitenewssitenewsMatch0.02_beta

sitenewssitenewsMatch0.03_beta

sitenewssitenewsMatch0.04_beta

sitenewssitenewsMatch0.05_beta

sitenewssitenewsMatch0.06_beta

sitenewssitenewsMatch0.07_beta

sitenewssitenewsMatch0.08_beta

sitenewssitenewsMatch0.09_beta

sitenewssitenewsMatch0.10_beta

sitenewssitenewsMatch0.11_beta

VendorProductVersionCPE
sitenewssitenews0.01_betacpe:2.3:a:sitenews:sitenews:0.01_beta:*:*:*:*:*:*:*
sitenewssitenews0.02_betacpe:2.3:a:sitenews:sitenews:0.02_beta:*:*:*:*:*:*:*
sitenewssitenews0.03_betacpe:2.3:a:sitenews:sitenews:0.03_beta:*:*:*:*:*:*:*
sitenewssitenews0.04_betacpe:2.3:a:sitenews:sitenews:0.04_beta:*:*:*:*:*:*:*
sitenewssitenews0.05_betacpe:2.3:a:sitenews:sitenews:0.05_beta:*:*:*:*:*:*:*
sitenewssitenews0.06_betacpe:2.3:a:sitenews:sitenews:0.06_beta:*:*:*:*:*:*:*
sitenewssitenews0.07_betacpe:2.3:a:sitenews:sitenews:0.07_beta:*:*:*:*:*:*:*
sitenewssitenews0.08_betacpe:2.3:a:sitenews:sitenews:0.08_beta:*:*:*:*:*:*:*
sitenewssitenews0.09_betacpe:2.3:a:sitenews:sitenews:0.09_beta:*:*:*:*:*:*:*
sitenewssitenews0.10_betacpe:2.3:a:sitenews:sitenews:0.10_beta:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sitenews	sitenews	0.01_beta	cpe:2.3:a:sitenews:sitenews:0.01_beta:::::::*
sitenews	sitenews	0.02_beta	cpe:2.3:a:sitenews:sitenews:0.02_beta:::::::*
sitenews	sitenews	0.03_beta	cpe:2.3:a:sitenews:sitenews:0.03_beta:::::::*
sitenews	sitenews	0.04_beta	cpe:2.3:a:sitenews:sitenews:0.04_beta:::::::*
sitenews	sitenews	0.05_beta	cpe:2.3:a:sitenews:sitenews:0.05_beta:::::::*
sitenews	sitenews	0.06_beta	cpe:2.3:a:sitenews:sitenews:0.06_beta:::::::*
sitenews	sitenews	0.07_beta	cpe:2.3:a:sitenews:sitenews:0.07_beta:::::::*
sitenews	sitenews	0.08_beta	cpe:2.3:a:sitenews:sitenews:0.08_beta:::::::*
sitenews	sitenews	0.09_beta	cpe:2.3:a:sitenews:sitenews:0.09_beta:::::::*
sitenews	sitenews	0.10_beta	cpe:2.3:a:sitenews:sitenews:0.10_beta:::::::*

Rows per page:

1-10 of 111

References

marc.info/?l=bugtraq&m=101388393808699&w=2

www.securityfocus.com/bid/4046

exchange.xforce.ibmcloud.com/vulnerabilities/8181

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.012

Percentile

85.4%

JSON

Related for NVD:CVE-2002-0286

cvelist1 cve1