Lucene search

[email protected]CVE-2008-6963

HistoryAug 13, 2009 - 4:30 p.m.

CVE-2008-6963

2009-08-1316:30:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-6963

admin.php

turnkeyforms

text link sales

authentication bypass

remote attackers

administrative privileges

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

88.9%

JSON

admin.php in TurnkeyForms Text Link Sales allows remote attackers to bypass authentication and gain administrative privileges via a direct request.

Affected configurations

NVD

Node

turnkeyformstext_link_sales

CPENameOperatorVersion
turnkeyforms:text_link_salesturnkeyforms text link saleseq*

CPE	Name	Operator	Version
turnkeyforms:text_link_sales	turnkeyforms text link sales	eq	*

References

osvdb.org/49868

secunia.com/advisories/32732

www.securityfocus.com/bid/32302

www.exploit-db.com/exploits/7118

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

88.9%

JSON

Related for CVE-2008-6963

cvelist1 prion1 nvd1