Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 9.3
CVE Id CVE-2008-3033
Last Modified 29 Jan 2009 01:52:03
Published 07 Jul 2008 02:41:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3033

Summary

RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by (1) an IdFlux request to supprimer_flux.php and (2) a TpsRafraich request to modifier_tps_rafraich.php.

Vulnerable Systems

Application

  • Rss Aggregator 1.0


References

XF - rssaggregator-admin-security-bypass(43509)

BID - 30016

BUGTRAQ - 20080630 RSS-aggregator Multiple vulnerabilities

SREASON - 3975


Last Updated: 27 May 2016 10:48:04