Lucene search

[email protected]CVE-2008-6643

HistoryApr 07, 2009 - 2:17 p.m.

CVE-2008-6643

2009-04-0714:17:17

CWE-264

[email protected]

web.nvd.nist.gov

lokicms

cve-2008-6643

remote attackers

access control

security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7 High

AI Score

Confidence

Low

0.025 Low

EPSS

Percentile

90.3%

JSON

LokiCMS 0.3.4 and possibly earlier versions does not properly restrict access to administrative functions, which allows remote attackers to bypass intended restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php.

Affected configurations

NVD

Node

lokicmslokicmsMatch0.3.4

CPENameOperatorVersion
lokicms:lokicmslokicmseq0.3.4

CPE	Name	Operator	Version
lokicms:lokicms	lokicms	eq	0.3.4

References

osvdb.org/45866

www.securityfocus.com/archive/1/492877/100/0/threaded

www.securityfocus.com/bid/29448

exchange.xforce.ibmcloud.com/vulnerabilities/42766

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7 High

AI Score

Confidence

Low

0.025 Low

EPSS

Percentile

90.3%

JSON

Related for CVE-2008-6643

nvd1 prion1 cvelist1