Lucene search

[email protected]CVE-2006-0157

HistoryJan 10, 2006 - 11:03 a.m.

CVE-2006-0157

2006-01-1011:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-0157

reamday enterprises

magic news plus

remote attackers

administrator password

security vulnerability

7.6 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.021 Low

EPSS

Percentile

88.9%

JSON

settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and admin_password parameters, then declares the new password string in the new_passwd and confirm_passwd parameters.

CPENameOperatorVersion
reamday_enterprises:magic_news_plusreamday enterprises magic news pluseq1.0.3

CPE	Name	Operator	Version
reamday_enterprises:magic_news_plus	reamday enterprises magic news plus	eq	1.0.3

References

downloads.securityfocus.com/vulnerabilities/exploits/MagicNewsPlus-pw-change.pl

secunia.com/advisories/18601

www.securityfocus.com/bid/16182

7.6 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.021 Low

EPSS

Percentile

88.9%

JSON

Related for CVE-2006-0157

prion1