Vulnerability CVE-2002-0491


Published: 2002-08-12   Modified: 2012-02-12

Description:
admin.php in AlGuest 1.0 guestbook checks for the existence of the admin cookie to authenticate the AlGuest administrator, which allows remote attackers to bypass the authentication and gain privileges by setting the admin cookie to an arbitrary value.

Vendor: Alguest
Product: Alguest 
Version: 1.0;

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.securityfocus.com/bid/4355
http://www.securityfocus.com/archive/1/263902
http://www.iss.net/security_center/static/8623.php

Copyright 2019, cxsecurity.com

 

Back to Top