exploitDog

CVE-2008-6774

Опубликовано: 29 апр. 2009

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

internettoolbar/edit.php in YourPlace 1.0.2 and earlier does not end execution when an invalid username is detected, which allows remote attackers to bypass intended restrictions and edit toolbar settings via an invalid username. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Ссылки

http://secunia.com/advisories/33272
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/47566
http://secunia.com/advisories/33272
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/47566

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:peterselie:yourplace:*:*:*:*:*:*:*:*

Версия до 1.0.2 (включая)

cpe:2.3:a:peterselie:yourplace:1.0:*:*:*:*:*:*:*

cpe:2.3:a:peterselie:yourplace:1.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00508

Низкий

5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-5rr9-4rgr-p59r

github

больше 3 лет назад

internettoolbar/edit.php in YourPlace 1.0.2 and earlier does not end execution when an invalid username is detected, which allows remote attackers to bypass intended restrictions and edit toolbar settings via an invalid username. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

EPSS

Процентиль: 66%

0.00508

Низкий

5 Medium

CVSS2

Дефекты

CWE-264