Lucene search

K
cve[email protected]CVE-2008-6473
HistoryMar 16, 2009 - 4:30 p.m.

CVE-2008-6473

2009-03-1616:30:00
CWE-255
web.nvd.nist.gov
27
cve-2008-6473
blogator-script
remote attack
password change
vulnerability

7.2 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.02 Low

EPSS

Percentile

88.9%

_blogadata/include/init_pass2.php in Blogator-script 0.95 allows remote attackers to change the password for arbitrary users via a modified “a” parameter with a “%” wildcard symbol in the b parameter.

Affected configurations

NVD
Node
blogator-scriptblogator-scriptMatch0.95

7.2 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.02 Low

EPSS

Percentile

88.9%

Related for CVE-2008-6473