Vulnerability CVE-2004-0259


Published: 2004-11-23   Modified: 2012-02-12

Description:
The check_referer() function in Formmail.php 5.0 and earlier allows remote attackers to bypass access restrictions via an empty or spoofed HTTP Referer, as demonstrated using an application on the same web server that contains a cross-site scripting (XSS) issue.

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software
Joe lumbroso acks -> Formmail.php 

 References:
http://marc.info/?l=bugtraq&m=107619109629629&w=2
http://www.securityfocus.com/bid/9591
http://xforce.iss.net/xforce/xfdb/15079

Copyright 2024, cxsecurity.com

 
