Lucene search

[email protected]CVE-2010-2685

HistoryJul 12, 2010 - 1:27 p.m.

CVE-2010-2685

2010-07-1213:27:28

CWE-264

[email protected]

web.nvd.nist.gov

cve-2010-2685

customer paradigm

pagedirector cms

access restriction bypass

adduser.php

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.4%

JSON

siteadmin/adduser.php in Customer Paradigm PageDirector CMS does not properly restrict access, which allows remote attackers to bypass intended restrictions and add administrative users via a direct request.

Affected configurations

NVD

Node

customerparadigmpagedirector_cms

CPENameOperatorVersion
customerparadigm:pagedirector_cmscustomerparadigm pagedirector cmseq*

CPE	Name	Operator	Version
customerparadigm:pagedirector_cms	customerparadigm pagedirector cms	eq	*

References

packetstormsecurity.org/1006-exploits/pagedirector-sqladdadmin.txt

secunia.com/advisories/40367

www.exploit-db.com/exploits/14089

www.osvdb.org/65831

www.vupen.com/english/advisories/2010/1633

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.4%

JSON

Related for CVE-2010-2685

prion1 nvd1 cvelist1