Lucene search

[email protected]CVE-2003-0588

HistoryAug 18, 2003 - 4:00 a.m.

CVE-2003-0588

2003-08-1804:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2003-0588

digi-news 1.1

authentication bypass

remote attack

7.6 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.006 Low

EPSS

Percentile

78.6%

JSON

admin.php in Digi-news 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password.

CPENameOperatorVersion
digi-fx:digi-newsdigi-fx digi-newseq1.1

CPE	Name	Operator	Version
digi-fx:digi-news	digi-fx digi-news	eq	1.1

References

marc.info/?l=bugtraq&m=105839007002993&w=2

7.6 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.006 Low

EPSS

Percentile

78.6%

JSON