Lucene search

[email protected]CVE-2002-0995

HistoryOct 04, 2002 - 4:00 a.m.

CVE-2002-0995

2002-10-0404:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

116

cve-2002-0995

phpauction

privilege escalation

remote attackers

adminusers table

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.037 Low

EPSS

Percentile

91.7%

JSON

login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action parameter set to “insert,” which adds the provided username to the adminUsers table.

CPENameOperatorVersion
gianluca_baldo:phpauctiongianluca baldo phpauctioneq1.3
gianluca_baldo:phpauctiongianluca baldo phpauctioneq2.0
gianluca_baldo:phpauctiongianluca baldo phpauctioneq1.2
gianluca_baldo:phpauctiongianluca baldo phpauctioneq2.1

CPE	Name	Operator	Version
gianluca_baldo:phpauction	gianluca baldo phpauction	eq	1.3
gianluca_baldo:phpauction	gianluca baldo phpauction	eq	2.0
gianluca_baldo:phpauction	gianluca baldo phpauction	eq	1.2
gianluca_baldo:phpauction	gianluca baldo phpauction	eq	2.1

References

archives.neohapsis.com/archives/bugtraq/2002-07/0014.html

www.iss.net/security_center/static/9462.php

www.phpauction.org/viewnew.php?id=5

www.securityfocus.com/bid/5141

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.037 Low

EPSS

Percentile

91.7%

JSON