Описание
The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for an empty password to add_user.php, which causes GetPassword to produce and compare a blank password for the non-existent user.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sitenews:sitenews:0.01_beta:*:*:*:*:*:*:*
cpe:2.3:a:sitenews:sitenews:0.02_beta:*:*:*:*:*:*:*
cpe:2.3:a:sitenews:sitenews:0.03_beta:*:*:*:*:*:*:*
cpe:2.3:a:sitenews:sitenews:0.04_beta:*:*:*:*:*:*:*
cpe:2.3:a:sitenews:sitenews:0.05_beta:*:*:*:*:*:*:*
cpe:2.3:a:sitenews:sitenews:0.06_beta:*:*:*:*:*:*:*
cpe:2.3:a:sitenews:sitenews:0.07_beta:*:*:*:*:*:*:*
cpe:2.3:a:sitenews:sitenews:0.08_beta:*:*:*:*:*:*:*
cpe:2.3:a:sitenews:sitenews:0.09_beta:*:*:*:*:*:*:*
cpe:2.3:a:sitenews:sitenews:0.10_beta:*:*:*:*:*:*:*
cpe:2.3:a:sitenews:sitenews:0.11_beta:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00717
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for an empty password to add_user.php, which causes GetPassword to produce and compare a blank password for the non-existent user.
EPSS
Процентиль: 72%
0.00717
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other