Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-7172

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-7172
Last Modified 08 Sep 2009 12:00:00
Published 08 Sep 2009 06:30:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-7172

Summary

Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality, which allows remote attackers to gain administrator privileges via direct requests to admin.php with the (1) potd_delete, (2) potd, (3) vote_update, (4) vote, or (5) modifynews actions.

Vulnerable Systems

Application

  • Yanick Bourbeau Lightweight News Portal 1.0b


References

XF - lnp-admin-security-bypass(43225)

BID - 29848

MILW0RM - 5873


Last Updated: 27 May 2016 10:49:29