CVE-2008-7050

Опубликовано: 24 авг. 2009

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required arguments, which always triggers an authentication failure, and (2) returns true instead of false when an authentication failure occurs, which allows remote attackers to bypass authentication and gain privileges with an arbitrary password.

Ссылки

http://github.com/Illydth/wowraidmanager/commit/7dd6367ae85003dd5d715431b6ab695f2c2f200a
Exploit
http://secunia.com/advisories/32653
Vendor Advisory
http://www.osvdb.org/49704
http://www.vupen.com/english/advisories/2008/3109
Patch
Vendor Advisory
http://www.wowraidmanager.net/e107_plugins/forum/forum_viewtopic.php?2153
Vendor Advisory
http://www.wowraidmanager.net/e107_plugins/forum/forum_viewtopic.php?2167
Patch
Vendor Advisory
http://github.com/Illydth/wowraidmanager/commit/7dd6367ae85003dd5d715431b6ab695f2c2f200a
Exploit
http://secunia.com/advisories/32653
Vendor Advisory
http://www.osvdb.org/49704
http://www.vupen.com/english/advisories/2008/3109
Patch
Vendor Advisory
http://www.wowraidmanager.net/e107_plugins/forum/forum_viewtopic.php?2153
Vendor Advisory
http://www.wowraidmanager.net/e107_plugins/forum/forum_viewtopic.php?2167
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:wowraidmanager:wowraidmanager:*:*:*:*:*:*:*:*

Версия до 3.5.1 (включая)

cpe:2.3:a:wowraidmanager:wowraidmanager:3.1.0:*:*:*:*:*:*:*

cpe:2.3:a:wowraidmanager:wowraidmanager:3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:wowraidmanager:wowraidmanager:3.1.2:*:*:*:*:*:*:*

cpe:2.3:a:wowraidmanager:wowraidmanager:3.2.0:*:*:*:*:*:*:*

cpe:2.3:a:wowraidmanager:wowraidmanager:3.2.1:*:*:*:*:*:*:*

cpe:2.3:a:wowraidmanager:wowraidmanager:3.5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.00638

Низкий

7.5 High

CVSS2

Дефекты

CWE-255

Связанные уязвимости

GHSA-mxwv-4wv5-89h7

github

больше 3 лет назад