Lucene search

[email protected]CVE-2004-0249

HistoryNov 23, 2004 - 5:00 a.m.

CVE-2004-0249

2004-11-2305:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-0249

phpx

remote attackers

account access

7.8 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.091 Low

EPSS

Percentile

94.5%

JSON

PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other accounts by modifying the cookie’s PXL variable to reference another userID.

CPENameOperatorVersion
phpx:phpxphpxeq3.2.3

CPE	Name	Operator	Version
phpx:phpx	phpx	eq	3.2.3

References

archives.neohapsis.com/archives/bugtraq/2004-03/0154.html

marc.info/?l=bugtraq&m=107586932324901&w=2

secunia.com/advisories/10797/

www.securityfocus.com/bid/9569

exchange.xforce.ibmcloud.com/vulnerabilities/15052

exchange.xforce.ibmcloud.com/vulnerabilities/15512

7.8 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.091 Low

EPSS

Percentile

94.5%

JSON