Описание
Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality, which allows remote attackers to gain administrator privileges via direct requests to admin.php with the (1) potd_delete, (2) potd, (3) vote_update, (4) vote, or (5) modifynews actions.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:yanick_bourbeau:lightweight_news_portal:1.0b:*:*:*:*:*:*:*
EPSS
Процентиль: 87%
0.03121
Низкий
7.5 High
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality, which allows remote attackers to gain administrator privileges via direct requests to admin.php with the (1) potd_delete, (2) potd, (3) vote_update, (4) vote, or (5) modifynews actions.
EPSS
Процентиль: 87%
0.03121
Низкий
7.5 High
CVSS2
Дефекты
CWE-264