Lucene search

[email protected]CVE-2000-0435

HistoryMay 13, 2000 - 4:00 a.m.

CVE-2000-0435

2000-05-1304:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

allmanage

script

remote attack

account modification

web page modification

cve-2000-0435

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.2%

JSON

The allmanageup.pl file upload CGI script in the Allmanage Website administration software 2.6 can be called directly by remote attackers, which allows them to modify user accounts or web pages.

CPENameOperatorVersion
matthew_redman:allmanagematthew redman allmanageeq2.6

CPE	Name	Operator	Version
matthew_redman:allmanage	matthew redman allmanage	eq	2.6

References

archives.neohapsis.com/archives/bugtraq/2000-05/0167.html

www.osvdb.org/1337

www.securityfocus.com/bid/1217

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.2%

JSON