CVE-2002-0286

Published May 31, 2002

Last updated 7 years ago

Overview

Description: The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for an empty password to add_user.php, which causes GetPassword to produce and compare a blank password for the non-existent user.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sitenews:sitenews:0.01_beta:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8A874B9-FE17-4075-92A0-AC0B752487CF"
          },
          {
            "criteria": "cpe:2.3:a:sitenews:sitenews:0.02_beta:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "607163D8-509A-4B9A-B241-4BCB43DD2C9C"
          },
          {
            "criteria": "cpe:2.3:a:sitenews:sitenews:0.03_beta:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD409441-F5AF-4290-85FB-A6647B157D07"
          },
          {
            "criteria": "cpe:2.3:a:sitenews:sitenews:0.04_beta:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "116D3A15-A36C-4F38-9C37-FB4FFC7B2232"
          },
          {
            "criteria": "cpe:2.3:a:sitenews:sitenews:0.05_beta:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82B40C43-6B8B-43E0-A4E2-51E541860A39"
          },
          {
            "criteria": "cpe:2.3:a:sitenews:sitenews:0.06_beta:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E3261A9-DF2E-4A5D-9483-3AC626F5E864"
          },
          {
            "criteria": "cpe:2.3:a:sitenews:sitenews:0.07_beta:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7437C130-2964-418E-B783-0B79D1E534E0"
          },
          {
            "criteria": "cpe:2.3:a:sitenews:sitenews:0.08_beta:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7292ECFE-C357-4870-865C-7134A9D0DF3E"
          },
          {
            "criteria": "cpe:2.3:a:sitenews:sitenews:0.09_beta:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C58E8BE0-A10B-4A91-9A20-108DB9F67982"
          },
          {
            "criteria": "cpe:2.3:a:sitenews:sitenews:0.10_beta:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E43A324B-B3B8-4189-8CED-695E95D379DD"
          },
          {
            "criteria": "cpe:2.3:a:sitenews:sitenews:0.11_beta:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10ECB463-AEC5-49D6-9697-16CDD33A02E6"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References