Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2638

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-2638
Last Modified 13 Sep 2013 12:41:33
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2638

Summary

The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the "admin/" directory by modifying the in_login parameter to a non-zero value.

Vulnerable Systems

Application

  • Oscommerce 1.5.1


References

OSVDB - 5717

MISC - http://secwatch.org/advisories/1007857

SECUNIA - 11473

XF - oscommerce-plugin-bypass-security(16009)

BID - 10235


Last Updated: 27 May 2016 10:39:34