Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2012-1602
Last Modified 02 Oct 2012 12:00:00
Published 01 Oct 2012 07:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-1602

Summary

user.php in NextBBS 0.6 allows remote attackers to bypass authentication and gain administrator access by setting the userkey cookie to 1.

Vulnerable Systems

Application

  • Nextbbs 0.6


References

MISC - http://www.waraxe.us/advisory-80.html

BID - 52728

OSVDB - 80626

MLIST - [oss-security] 20120329 Re: CVE-request: NextBBS 0.6.0 waraxe-2012-SA#080

MLIST - [oss-security] 20120329 CVE-request: NextBBS 0.6.0 waraxe-2012-SA#080

MISC - http://packetstormsecurity.org/files/111250/NextBBS-0.6.0-Authentication-Bypass-SQL-Injection-XSS.html

BUGTRAQ - 20120327 [waraxe-2012-SA#080] - Multiple Vulnerabilities in NextBBS 0.6.0


Last Updated: 27 May 2016 11:00:49