Описание
Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the subscribe.pl script with the setpwd parameter.
Ссылки
- ExploitVendor Advisory
- ExploitPatchVendor Advisory
- ExploitVendor Advisory
- ExploitPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:cgi_script_center:subscribe_me_lite:2.0:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.06785
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the subscribe.pl script with the setpwd parameter.
EPSS
Процентиль: 91%
0.06785
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other