Lucene search
MitreCVE-2008-7172HistorySep 08, 2009 - 10:30 a.m.
CVE-2008-7172
2009-09-0810:30:01
CWE-264
mitre
web.nvd.nist.gov
29
cve-2008-7172
lightweight news portal
lnp 1.0b
security vulnerability
remote attackers
administrator privileges
nvd
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.2
Confidence
Low
EPSS
0.005
Percentile
77.5%
Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality, which allows remote attackers to gain administrator privileges via direct requests to admin.php with the (1) potd_delete, (2) potd, (3) vote_update, (4) vote, or (5) modifynews actions.
Affected configurations
Node
yanick_bourbeaulightweight_news_portalMatch1.0b
| Vendor | Product | Version | CPE |
|---|---|---|---|
| yanick_bourbeau | lightweight_news_portal | 1.0b | cpe:2.3:a:yanick_bourbeau:lightweight_news_portal:1.0b:*:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2009-09-08 10:30:00
cvelist
cvelist
CVE-2008-7172
2009-09-08 10:00:00
nvd
nvd
CVE-2008-7172
2009-09-08 10:30:01
exploitdb
exploitdb
Lightweight news portal (LNP) 1.0b - Multiple Vulnerabilities
2008-06-20 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.2
Confidence
Low
EPSS
0.005
Percentile
77.5%
Related for CVE-2008-7172