Lucene search
HistoryOct 20, 2000 - 4:00 a.m.
CVE-2000-0720
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.7
Confidence
Low
EPSS
0.016
Percentile
87.6%
news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new authors by directly posting an HTTP request to the new.cgi program with an addAuthor parameter, and setting the Referer to the news.cgi program.
Affected configurations
Node
gwscriptsgwscripts_news_publisherMatch1.05
ORgwscriptsgwscripts_news_publisherMatch1.05a
ORgwscriptsgwscripts_news_publisherMatch1.05b
ORgwscriptsgwscripts_news_publisherMatch1.06
| Vendor | Product | Version | CPE |
|---|---|---|---|
| gwscripts | gwscripts_news_publisher | 1.05 | cpe:2.3:a:gwscripts:gwscripts_news_publisher:1.05:*:*:*:*:*:*:* |
| gwscripts | gwscripts_news_publisher | 1.05a | cpe:2.3:a:gwscripts:gwscripts_news_publisher:1.05a:*:*:*:*:*:*:* |
| gwscripts | gwscripts_news_publisher | 1.05b | cpe:2.3:a:gwscripts:gwscripts_news_publisher:1.05b:*:*:*:*:*:*:* |
| gwscripts | gwscripts_news_publisher | 1.06 | cpe:2.3:a:gwscripts:gwscripts_news_publisher:1.06:*:*:*:*:*:*:* |
Related
exploitdb
exploitdb
GWScripts News Publisher 1.0 - 'author.file' Write
2000-08-29 00:00:00
cvelist
cvelist
CVE-2000-0720
2001-05-07 04:00:00
cve
cve
CVE-2000-0720
2001-05-07 04:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.7
Confidence
Low
EPSS
0.016
Percentile
87.6%
Related for NVD:CVE-2000-0720