Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0720

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2000-0720
Last Modified 05 Sep 2008 04:21:43
Published 20 Oct 2000 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2000-0720

Summary

news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new authors by directly posting an HTTP request to the new.cgi program with an addAuthor parameter, and setting the Referer to the news.cgi program.

Vulnerable Systems

Application

  • Gwscripts News Publisher 1.05

  • Gwscripts News Publisher 1.05a

  • Gwscripts News Publisher 1.05b

  • Gwscripts News Publisher 1.06


References

BUGTRAQ - 20000829 News Publisher CGI Vulnerability

BID - 1621

XF - news-publisher-add-author(5169)


Last Updated: 27 May 2016 10:35:50