Lucene search

[email protected]CVE-2008-0391

HistoryJan 23, 2008 - 2:00 a.m.

CVE-2008-0391

2008-01-2302:00:00

CWE-287

[email protected]

web.nvd.nist.gov

cve-2008-0391

inc/elementz.php

alitalk 1.9.1.1

authentication

vulnerability

remote attackers

user account

security

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.1%

JSON

inc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentication, which allows remote attackers to add an arbitrary user account via a modified lilil parameter, in conjunction with the ubild and pa parameters.

Affected configurations

NVD

Node

alilgalitalkMatch1.9.1.1

CPENameOperatorVersion
alilg:alitalkalilg alitalkeq1.9.1.1

CPE	Name	Operator	Version
alilg:alitalk	alilg alitalk	eq	1.9.1.1

References

www.securityfocus.com/bid/27315

www.exploit-db.com/exploits/4922

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.1%

JSON

Related for CVE-2008-0391

prion1 cvelist1 nvd1