CVE-2008-6664

Опубликовано: 08 апр. 2009

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

action.php in SH-News 3.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the shuser and shpass cookies to non-zero values.

Ссылки

http://www.securityfocus.com/bid/29725
Exploit
http://www.shnews.de/change-log
Vendor Advisory
URL Repurposed
https://exchange.xforce.ibmcloud.com/vulnerabilities/43123
https://www.exploit-db.com/exploits/5829
http://www.securityfocus.com/bid/29725
Exploit
http://www.shnews.de/change-log
Vendor Advisory
URL Repurposed
https://exchange.xforce.ibmcloud.com/vulnerabilities/43123
https://www.exploit-db.com/exploits/5829

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:yarck:sh-news:3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01229

Низкий

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-896r-2cff-955p

github

больше 3 лет назад