Lucene search

[email protected]CVE-2008-7172

HistorySep 08, 2009 - 10:30 a.m.

CVE-2008-7172

2009-09-0810:30:01

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-7172

lightweight news portal

lnp 1.0b

security vulnerability

remote attackers

administrator privileges

nvd

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.5%

JSON

Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality, which allows remote attackers to gain administrator privileges via direct requests to admin.php with the (1) potd_delete, (2) potd, (3) vote_update, (4) vote, or (5) modifynews actions.

Affected configurations

NVD

Node

yanick_bourbeaulightweight_news_portalMatch1.0b

CPENameOperatorVersion
yanick_bourbeau:lightweight_news_portalyanick bourbeau lightweight news portaleq1.0b

CPE	Name	Operator	Version
yanick_bourbeau:lightweight_news_portal	yanick bourbeau lightweight news portal	eq	1.0b

References

www.securityfocus.com/bid/29848

exchange.xforce.ibmcloud.com/vulnerabilities/43225

www.exploit-db.com/exploits/5873

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.5%

JSON

Related for CVE-2008-7172

prion1 cvelist1 nvd1