{"type": "osvdb", "published": "2001-07-24T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:1911", "hashmap": [{"key": "affectedSoftware", "hash": "14a607649d99ec1049cd500130f55ddb"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "8cef54721df6d629f0d2f149a52a9521"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "71e6a35979b75163d33208c51c41d6ff"}, {"key": "href", "hash": "2e6b0ac0c1c09806bd90ed6c6579d83c"}, {"key": "modified", "hash": "3ef918c86b33efb8da9d7b745f42afd0"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "3ef918c86b33efb8da9d7b745f42afd0"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "766f5bbda17b1a7623c2c2ca23d57d79"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/", "score": 10.0}, "viewCount": 3, "history": [], "edition": 1, "objectVersion": "1.2", "reporter": "OSVDB", "title": "Mambo Open Source index2.php Administrator Password Bypass", "affectedSoftware": [{"operator": "eq", "version": "3.0.1", "name": "Mambo Server"}, {"operator": "eq", "version": "3.0.4", "name": "Mambo Server"}, {"operator": "eq", "version": "3.0.2", "name": "Mambo Server"}, {"operator": "eq", "version": "3.0.3", "name": "Mambo Server"}, {"operator": "eq", "version": "3.0", "name": "Mambo Server"}, {"operator": "eq", "version": "3.0.5", "name": "Mambo Server"}], "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2001-1011"]}], "modified": "2017-04-28T13:19:56"}, "vulnersScore": 7.5}, "references": [], "id": "OSVDB:1911", "hash": "0789fcc4f1e2145357f42c22741b17a6a0f4a58981d28960b452171a124c851c", "lastseen": "2017-04-28T13:19:56", "cvelist": ["CVE-2001-1011"], "modified": "2001-07-24T00:00:00", "description": "## Vulnerability Description\nindex2.php in Mambo Site Server allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters.\n## Technical Description\nMambo Server 3.0.0 through 3.0.5 stored the global variables insecurely. Versions 3.x are no longer supported. The current version as of December, 2003 is 4.0.14, with 4.5 rc4 available.\n## Solution Description\nUpgrade to version 4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nindex2.php in Mambo Site Server allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters.\n## References:\nVendor URL: http://www.mamboserver.com/\nISS X-Force ID: 6910\nGeneric Exploit URL: http://packetstormsecurity.nl/0107-exploits/mambo_advisorie.txt\nGeneric Exploit URL: http://archives.neohapsis.com/archives/bugtraq/2001-07/0569.html\n[CVE-2001-1011](https://vulners.com/cve/CVE-2001-1011)\nCERT VU: 847803\nBugtraq ID: 3093\n"}

{"cve": [{"lastseen": "2017-10-10T10:34:45", "bulletinFamily": "NVD", "description": "index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters.", "modified": "2017-10-09T21:29:58", "published": "2001-07-25T00:00:00", "id": "CVE-2001-1011", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-1011", "title": "CVE-2001-1011", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}