Lucene search

[email protected]CVE-2008-1971

HistoryApr 27, 2008 - 6:05 p.m.

CVE-2008-1971

2008-04-2718:05:00

CWE-287

[email protected]

web.nvd.nist.gov

cve-2008-1971

phshoutbox

password security

remote attackers

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.7%

JSON

phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST, which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and earlier, the ssbadmin cookie to shoutadmin.php.

Affected configurations

NVD

Node

phphqphshoutbox_finalRange≤1.5

CPENameOperatorVersion
phphq:phshoutbox_finalphphq phshoutbox finalle1.5

CPE	Name	Operator	Version
phphq:phshoutbox_final	phphq phshoutbox final	le	1.5

References

secunia.com/advisories/29892

www.securityfocus.com/bid/28856

exchange.xforce.ibmcloud.com/vulnerabilities/41901

www.exploit-db.com/exploits/5467

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.7%

JSON

Related for CVE-2008-1971

nvd1 prion1 cvelist1