CVE-2008-2297

Опубликовано: 18 мая 2008

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

The admin.php file in Rantx allows remote attackers to bypass authentication and gain privileges by setting the logininfo cookie to "", which is present in the password file and probably passes an insufficient comparison.

Ссылки

http://secunia.com/advisories/30279
Vendor Advisory
http://www.securityfocus.com/bid/29243
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/42464
https://www.exploit-db.com/exploits/5628
http://secunia.com/advisories/30279
Vendor Advisory
http://www.securityfocus.com/bid/29243
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/42464
https://www.exploit-db.com/exploits/5628

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:roticv:rantx:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02365

Низкий

7.5 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-qw95-2v38-2pp5

github

почти 4 года назад

The admin.php file in Rantx allows remote attackers to bypass authentication and gain privileges by setting the logininfo cookie to "<?php" or "?>", which is present in the password file and probably passes an insufficient comparison.