Описание
Install.php in BosDev BosNews 4 and 5 does not require authentication for replacing an existing product installation or creating a new admin account, which allows remote attackers to cause a denial of service (overwritten files) and possibly obtain administrative access.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:bosdev:bosnews:4:*:*:*:*:*:*:*
cpe:2.3:a:bosdev:bosnews:5:*:*:*:*:*:*:*
EPSS
Процентиль: 75%
0.00906
Низкий
5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
почти 4 года назад
Install.php in BosDev BosNews 4 and 5 does not require authentication for replacing an existing product installation or creating a new admin account, which allows remote attackers to cause a denial of service (overwritten files) and possibly obtain administrative access.
EPSS
Процентиль: 75%
0.00906
Низкий
5 Medium
CVSS2
Дефекты
CWE-264