Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0096

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2002-0096
Last Modified 05 Sep 2008 04:27:10
Published 25 Mar 2002 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-0096

Summary

The installation of Geeklog 1.3 creates an extra group_assignments record which is not properly deleted, which causes the first newly created user to be added to the GroupAdmin and UserAdmin groups, which could provide that user with administrative privileges that were not intended.

Vulnerable Systems

Application

  • Geeklog 1.3


References

BID - 3783

BUGTRAQ - 20020103 Vulnerability in new user creation in Geeklog 1.3

XF - geeklog-default-admin-privileges(7780)

CONFIRM - http://geeklog.sourceforge.net/index.php?topic=Security


Last Updated: 27 May 2016 10:36:46