Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4006

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-4006
Last Modified 22 Oct 2012 12:00:00
Published 04 Dec 2005 08:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4006

Summary

SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files (1) insert_file.php, (2) insert_image.php, (3) insert_link.php, (4) insert_qcfile.php, and (5) edit.php.

Vulnerable Systems

Application

  • Redgraphic Sapid Cms 1.2.3

  • Redgraphic Sapid Cms 1.2.3.02

  • Sapid Cms 1.2.3 Rc2

  • Sapid Cms 1.2.3 Stable

  • Sapid Cms 1.2.3.02


References

SECUNIA - 17859

VUPEN - ADV-2005-2703

OSVDB - 21389

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=375289&group_id=118100

CONFIRM - http://sapid-club.com/en/viewtopic.php?p=586#586

BID - 15689


Last Updated: 27 May 2016 11:01:12