Описание
admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and specifying the hash in the pwd argument.
Ссылки
- Mailing List
- Broken LinkVendor Advisory
- Third Party AdvisoryVDB Entry
- Mailing List
- Broken LinkVendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 1.3.0 (включая)
cpe:2.3:a:archilles:newsworld:*:*:*:*:*:*:*:*
EPSS
Процентиль: 75%
0.00856
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-522
Связанные уязвимости
CVSS3: 9.8
github
почти 4 года назад
admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and specifying the hash in the pwd argument.
EPSS
Процентиль: 75%
0.00856
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-522