ID OSVDB:11376
Type osvdb
Reporter OSVDB
Modified 2002-08-18T00:00:00
Description
No description provided by the source
References:
Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0082.html
ISS X-Force ID: 9901
CVE-2002-1422
Bugtraq ID: 5502
{"edition": 1, "title": "FUDforum admbrowse.php URL-Encoded Pathname Arbitrary File Modification", "bulletinFamily": "software", "published": "2002-08-18T00:00:00", "lastseen": "2017-04-28T13:20:06", "modified": "2002-08-18T00:00:00", "reporter": "OSVDB", "viewCount": 2, "href": "https://vulners.com/osvdb/OSVDB:11376", "description": "# No description provided by the source\n\n## References:\nMail List Post: http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0082.html\nISS X-Force ID: 9901\n[CVE-2002-1422](https://vulners.com/cve/CVE-2002-1422)\nBugtraq ID: 5502\n", "affectedSoftware": [], "type": "osvdb", "references": [], "enchantments": {"score": {"value": 6.0, "vector": "NONE", "modified": "2017-04-28T13:20:06", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2002-1422"]}, {"type": "exploitdb", "idList": ["EDB-ID:21724"]}], "modified": "2017-04-28T13:20:06", "rev": 2}, "vulnersScore": 6.0}, "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/", "score": 5.0}, "cvelist": ["CVE-2002-1422"], "id": "OSVDB:11376"}
{"cve": [{"lastseen": "2020-10-03T11:37:00", "description": "admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters.", "edition": 3, "cvss3": {}, "published": "2003-04-11T04:00:00", "title": "CVE-2002-1422", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2002-1422"], "modified": "2008-09-05T20:30:00", "cpe": ["cpe:/a:ilia_alshanetsky:fudforum:2.0.2", "cpe:/a:ilia_alshanetsky:fudforum:1.9.8", "cpe:/a:ilia_alshanetsky:fudforum:1.2.8"], "id": "CVE-2002-1422", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1422", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:ilia_alshanetsky:fudforum:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ilia_alshanetsky:fudforum:1.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:ilia_alshanetsky:fudforum:1.2.8:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-02-02T17:07:40", "description": "Ilia Alshanetsky FUDForum 1.2.8/1.9.8/2.0.2 File Modification Vulnerability. CVE-2002-1422 . Webapps exploit for php platform", "published": "2002-08-19T00:00:00", "type": "exploitdb", "title": "Ilia Alshanetsky FUDForum 1.2.8/1.9.8/2.0.2 File Modification Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2002-1422"], "modified": "2002-08-19T00:00:00", "id": "EDB-ID:21724", "href": "https://www.exploit-db.com/exploits/21724/", "sourceData": "source: http://www.securityfocus.com/bid/5502/info\r\n\r\nReportedly, it is possible for an administrator to manipulate (create, modify etc.) files outside of the FUDForum directories. This vulnerability is present in the 'adm/admbrowse.php' script. The vulnerability is the result of FUDForum allowing access to files and directories outside of FUDForum directories.\r\n\r\nhttp://victim.com/admbrowse.php?down=1&cur=%2Fetc%2F&dest=passwd&rid=1&S=[someid]", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/21724/"}]}
