Описание
SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter.
Ссылки
- Patch
- ExploitVendor Advisory
- ExploitPatch
- Exploit
- ExploitPatch
- Exploit
- Patch
- ExploitVendor Advisory
- ExploitPatch
- Exploit
- ExploitPatch
- Exploit
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:netwin:surgeldap:1.0a:*:*:*:*:*:*:*
cpe:2.3:a:netwin:surgeldap:1.0b:*:*:*:*:*:*:*
cpe:2.3:a:netwin:surgeldap:1.0d:*:*:*:*:*:*:*
cpe:2.3:a:netwin:surgeldap:1.0e:*:*:*:*:*:*:*
cpe:2.3:a:netwin:surgeldap:1.0f:*:*:*:*:*:*:*
cpe:2.3:a:netwin:surgeldap:1.0g:*:*:*:*:*:*:*
EPSS
Процентиль: 94%
0.13174
Средний
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter.
EPSS
Процентиль: 94%
0.13174
Средний
7.5 High
CVSS2
Дефекты
NVD-CWE-Other