Lucene search

[email protected]CVE-2008-4784

HistoryOct 29, 2008 - 2:22 p.m.

CVE-2008-4784

2008-10-2914:22:38

CWE-287

[email protected]

web.nvd.nist.gov

cve-2008-4784

aflog

authentication bypass

remote attack

administrative access

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.1%

JSON

aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to “A” or “O” in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php, and (4) edit_form.php.

Affected configurations

NVD

Node

aflogaflogMatch1.01

CPENameOperatorVersion
aflog:aflogaflogeq1.01

CPE	Name	Operator	Version
aflog:aflog	aflog	eq	1.01

References

securityreason.com/securityalert/4524

www.securityfocus.com/bid/31894

exchange.xforce.ibmcloud.com/vulnerabilities/46083

www.exploit-db.com/exploits/6818

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.1%

JSON

Related for CVE-2008-4784

openvas1 nvd1 prion1 cvelist1