Lucene search
HistoryDec 12, 2012 - 11:38 a.m.
CVE-2012-4974
cve-2012-4974
layton helpbox
remote access
authenticated users
privilege escalation
cookie manipulation
6.6 Medium
AI Score
Confidence
Low
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
59.1%
Layton Helpbox 4.4.0 allows remote authenticated users to change the login context and gain privileges via a modified (1) loggedinenduser, (2) loggedinendusername, (3) loggedinuserusergroup, (4) loggedinuser, or (5) loggedinusername cookie.
| CPE | Name | Operator | Version |
|---|---|---|---|
| laytontechnology:helpbox | laytontechnology helpbox | eq | 4.4.0 |
Related
packetstorm
packetstorm
Layton Helpbox 4.4.0 Login Bypass
2012-10-26 00:00:00
cvelist
cvelist
CVE-2012-4974
2022-10-03 16:15:35
prion
prion
Code injection
2012-12-12 11:38:00
securityvulns
securityvulns
Layton Helpbox 4.4.0 Multiple Security Issues
2012-10-29 00:00:00
6.6 Medium
AI Score
Confidence
Low
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
59.1%
Related for CVE-2012-4974