Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-2175

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2002-2175
Last Modified 10 Sep 2008 03:16:41
Published 31 Dec 2002 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2002-2175

Summary

phpSquidPass before 0.2 uses an incomplete regular expression to find a matching username in its database, which allows remote authenticated attackers to effectively delete other usernames via a short username that matches the end of the targeted username.

Vulnerable Systems

Application

  • Phpsquidpass


References

BID - 5090

XF - phpsquidpass-user-deletion(9417)

CONFIRM - http://sourceforge.net/forum/forum.php?forum_id=188359

BUGTRAQ - 20020623 phpsquidpass: unauthorized user deleting


Last Updated: 27 May 2016 10:37:38