Lucene search
MitreCVE-2000-0720HistoryMay 07, 2001 - 4:00 a.m.
CVE-2000-0720
2001-05-0704:00:00
mitre
web.nvd.nist.gov
25
cve-2000-0720
gwscripts
news publisher
authentication failure
remote attack
http request
addauthor parameter.
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
7.1
Confidence
Low
EPSS
0.016
Percentile
87.6%
news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new authors by directly posting an HTTP request to the new.cgi program with an addAuthor parameter, and setting the Referer to the news.cgi program.
Affected configurations
Node
gwscriptsgwscripts_news_publisherMatch1.05
ORgwscriptsgwscripts_news_publisherMatch1.05a
ORgwscriptsgwscripts_news_publisherMatch1.05b
ORgwscriptsgwscripts_news_publisherMatch1.06
| Vendor | Product | Version | CPE |
|---|---|---|---|
| gwscripts | gwscripts_news_publisher | 1.05 | cpe:2.3:a:gwscripts:gwscripts_news_publisher:1.05:*:*:*:*:*:*:* |
| gwscripts | gwscripts_news_publisher | 1.05a | cpe:2.3:a:gwscripts:gwscripts_news_publisher:1.05a:*:*:*:*:*:*:* |
| gwscripts | gwscripts_news_publisher | 1.05b | cpe:2.3:a:gwscripts:gwscripts_news_publisher:1.05b:*:*:*:*:*:*:* |
| gwscripts | gwscripts_news_publisher | 1.06 | cpe:2.3:a:gwscripts:gwscripts_news_publisher:1.06:*:*:*:*:*:*:* |
Related
exploitdb
exploitdb
GWScripts News Publisher 1.0 - 'author.file' Write
2000-08-29 00:00:00
nvd
nvd
CVE-2000-0720
2000-10-20 04:00:00
cvelist
cvelist
CVE-2000-0720
2001-05-07 04:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
7.1
Confidence
Low
EPSS
0.016
Percentile
87.6%
Related for CVE-2000-0720