exploitDog

CVE-2004-0621

Опубликовано: 06 дек. 2004

Источник: nvd

CVSS2: 10

EPSS Низкий

Описание

admin.php in Newsletter ZWS allows remote attackers to gain administrative privileges via a list_user operation with the ulevel parameter set to 1 (administrator level), which lists all users and their passwords.

Ссылки

http://marc.info/?l=bugtraq&m=108811585025216&w=2
http://www.securityfocus.com/bid/10605
Exploit
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16507
http://marc.info/?l=bugtraq&m=108811585025216&w=2
http://www.securityfocus.com/bid/10605
Exploit
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16507

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zaireweb_solutions:newsletter_zws:*:*:*:*:*:*:*:*

EPSS

Процентиль: 87%

0.03512

Низкий

10 Critical

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-pj6v-27vp-x3qw

github

почти 4 года назад

admin.php in Newsletter ZWS allows remote attackers to gain administrative privileges via a list_user operation with the ulevel parameter set to 1 (administrator level), which lists all users and their passwords.

EPSS

Процентиль: 87%

0.03512

Низкий

10 Critical

CVSS2

Дефекты

NVD-CWE-Other