CVE-2007-6547

Опубликовано: 28 дек. 2007

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

RunCMS before 1.6.1 does not require entry of the old password during a password change, which allows context-dependent attackers to change passwords upon obtaining temporary access to a session.

Ссылки

http://osvdb.org/41246
http://securityreason.com/securityalert/3493
http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131
http://www.securityfocus.com/archive/1/485512/100/0/threaded
http://www.securityfocus.com/bid/27019
Patch
https://www.exploit-db.com/exploits/4790
http://osvdb.org/41246
http://securityreason.com/securityalert/3493
http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131
http://www.securityfocus.com/archive/1/485512/100/0/threaded
http://www.securityfocus.com/bid/27019
Patch
https://www.exploit-db.com/exploits/4790

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:runcms:runcms:*:*:*:*:*:*:*:*

Версия до 1.6 (включая)

EPSS

Процентиль: 90%

0.06008

Низкий

6.8 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-f3g3-8g37-3mvg

github

почти 4 года назад