Vulnerability CVE-2002-0491


Published: 2002-08-12   Modified: 2012-02-12

Description:
admin.php in AlGuest 1.0 guestbook checks for the existence of the admin cookie to authenticate the AlGuest administrator, which allows remote attackers to bypass the authentication and gain privileges by setting the admin cookie to an arbitrary value.

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Alguest -> Alguest 

 References:
http://www.securityfocus.com/bid/4355
http://www.securityfocus.com/archive/1/263902
http://www.iss.net/security_center/static/8623.php

Copyright 2020, cxsecurity.com

 

Back to Top