Lucene search

[email protected]CVE-2008-1727

HistoryApr 11, 2008 - 7:05 p.m.

CVE-2008-1727

2008-04-1119:05:00

CWE-287

[email protected]

web.nvd.nist.gov

cve-2008-1727

knowledgequest

authentication bypass

admincheck.php

remote attackers

arbitrary admin accounts

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.022 Low

EPSS

Percentile

89.6%

JSON

KnowledgeQuest 2.5 and 2.6 does not require authentication for access to admincheck.php, which allows remote attackers to create arbitrary admin accounts.

Affected configurations

NVD

Node

myknowledgequestknowledgequestMatch2.5

myknowledgequestknowledgequestMatch2.6

CPENameOperatorVersion
myknowledgequest:knowledgequestmyknowledgequest knowledgequesteq2.5
myknowledgequest:knowledgequestmyknowledgequest knowledgequesteq2.6

CPE	Name	Operator	Version
myknowledgequest:knowledgequest	myknowledgequest knowledgequest	eq	2.5
myknowledgequest:knowledgequest	myknowledgequest knowledgequest	eq	2.6

References

secunia.com/advisories/29716

www.osvdb.org/44257

exchange.xforce.ibmcloud.com/vulnerabilities/41747

www.exploit-db.com/exploits/5418

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.022 Low

EPSS

Percentile

89.6%

JSON

Related for CVE-2008-1727

prion1 cvelist1 nvd1