CVE-2008-0391

2008-01-2301:00:00

mitre

www.cve.org

6.8 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.1%

JSON

inc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentication, which allows remote attackers to add an arbitrary user account via a modified lilil parameter, in conjunction with the ubild and pa parameters.

References

www.securityfocus.com/bid/27315

www.exploit-db.com/exploits/4922