Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2002-0286
Last Modified 10 Sep 2008 08:00:53
Published 31 May 2002 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0286

Summary

The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for an empty password to add_user.php, which causes GetPassword to produce and compare a blank password for the non-existent user.

Vulnerable Systems

Application

  • Sitenews 0.01 Beta

  • Sitenews 0.02 Beta

  • Sitenews 0.03 Beta

  • Sitenews 0.04 Beta

  • Sitenews 0.05 Beta

  • Sitenews 0.06 Beta

  • Sitenews 0.07 Beta

  • Sitenews 0.08 Beta

  • Sitenews 0.09 Beta

  • Sitenews 0.10 Beta

  • Sitenews 0.11 Beta


References

BUGTRAQ - 20020216 SiteNews remote add user exploit

XF - sitenews-getpassword-add-users(8181)

BID - 4046


Last Updated: 27 May 2016 10:36:52