Lucene search

K
cve[email protected]CVE-2008-6473
HistoryMar 16, 2009 - 4:30 p.m.

CVE-2008-6473

2009-03-1616:30:00
CWE-255
web.nvd.nist.gov
27
cve-2008-6473
blogator-script
remote attack
password change
vulnerability

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

88.9%

_blogadata/include/init_pass2.php in Blogator-script 0.95 allows remote attackers to change the password for arbitrary users via a modified “a” parameter with a “%” wildcard symbol in the b parameter.

Affected configurations

NVD
Node
blogator-scriptblogator-scriptMatch0.95

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

88.9%

Related for CVE-2008-6473