Lucene search

MitreCVE-2009-4232

HistoryDec 08, 2009 - 7:30 p.m.

CVE-2009-4232

2009-12-0819:30:00

CWE-287

mitre

web.nvd.nist.gov

joomla

com_kide

shoutbox

authentication

bypass

cve-2009-4232

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.7

Confidence

High

EPSS

0.002

Percentile

58.0%

JSON

The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected configurations

Nvd

Node

jonijnmcom_kideMatch0.4.6

AND

joomlajoomla\!

VendorProductVersionCPE
jonijnmcom_kide0.4.6cpe:2.3:a:jonijnm:com_kide:0.4.6:*:*:*:*:*:*:*
joomlajoomla\!*cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
jonijnm	com_kide	0.4.6	cpe:2.3:a:jonijnm:com_kide:0.4.6:::::::*
joomla	joomla\!	*	cpe:2.3:a:joomla:joomla\!::::::::

References

secunia.com/advisories/37508

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.7

Confidence

High

EPSS

0.002

Percentile

58.0%

JSON

Related for CVE-2009-4232