Lucene search

[email protected]CVE-2008-6473

HistoryMar 16, 2009 - 4:30 p.m.

CVE-2008-6473

2009-03-1616:30:00

CWE-255

[email protected]

web.nvd.nist.gov

cve-2008-6473

blogator-script

remote attack

password change

vulnerability

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

88.9%

JSON

_blogadata/include/init_pass2.php in Blogator-script 0.95 allows remote attackers to change the password for arbitrary users via a modified “a” parameter with a “%” wildcard symbol in the b parameter.

Affected configurations

NVD

Node

blogator-scriptblogator-scriptMatch0.95

CPENameOperatorVersion
blogator-script:blogator-scriptblogator-scripteq0.95

CPE	Name	Operator	Version
blogator-script:blogator-script	blogator-script	eq	0.95

References

osvdb.org/51227

www.securityfocus.com/archive/1/490501/100/0/threaded

www.exploit-db.com/exploits/5370

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

88.9%

JSON

Related for CVE-2008-6473

nvd1 prion1 cvelist1