CVE-2012-6710

Опубликовано: 07 окт. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Высокий

Описание

ext_find_user in eXtplorer through 2.1.2 allows remote attackers to bypass authentication via a password[]= (aka an empty array) in an action=login request to index.php.

Ссылки

http://itsecuritysolutions.org/2012-12-31-eXtplorer-v2.1-authentication-bypass-vulnerability
Exploit
Third Party Advisory
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201212-371
Third Party Advisory
https://www.securityfocus.com/bid/57058
Third Party Advisory
VDB Entry
http://itsecuritysolutions.org/2012-12-31-eXtplorer-v2.1-authentication-bypass-vulnerability
Exploit
Third Party Advisory
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201212-371
Third Party Advisory
https://www.securityfocus.com/bid/57058
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:extplorer:extplorer:*:*:*:*:*:*:*:*

Версия до 2.1.2 (включая)

EPSS

Процентиль: 99%

0.76484

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

CVE-2012-6710

CVSS3: 9.8

ubuntu

больше 7 лет назад

ext_find_user in eXtplorer through 2.1.2 allows remote attackers to bypass authentication via a password[]= (aka an empty array) in an action=login request to index.php.

CVE-2012-6710

CVSS3: 9.8

debian

больше 7 лет назад

ext_find_user in eXtplorer through 2.1.2 allows remote attackers to by ...

GHSA-g6wp-8w8c-mgf4

CVSS3: 9.8

github

больше 3 лет назад

ext_find_user in eXtplorer through 2.1.2 allows remote attackers to bypass authentication via a password[]= (aka an empty array) in an action=login request to index.php.

EPSS

Процентиль: 99%

0.76484

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287