Lucene search

[email protected]CVE-2005-1648

HistoryOct 03, 2022 - 4:22 p.m.

CVE-2005-1648

2022-10-0316:22:41

[email protected]

web.nvd.nist.gov

cve-2005-1648

gurgens

gasoft

ultimate forum

database

access control

vulnerability

remote attack

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.7%

JSON

Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database file under the web document root with insufficient access control, which allows remote attackers to obtain and decrypt usernames and passwords.

Affected configurations

NVD

Node

gurgensgurgens_ultimate_forumMatch2.1

CPENameOperatorVersion
gurgens:gurgens_ultimate_forumgurgens gurgens ultimate forumeq2.1

CPE	Name	Operator	Version
gurgens:gurgens_ultimate_forum	gurgens gurgens ultimate forum	eq	2.1

References

archives.neohapsis.com/archives/fulldisclosure/2005-05/0350.html

secunia.com/advisories/15374

securitytracker.com/id?1013974

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.7%

JSON

Related for CVE-2005-1648

nvd1 cvelist1