CVE-2000-0435 - The allmanageup.pl file upload CGI script in the Allmanage Website administration software 2.6 can b

CVE-2000-0435

Summary

The allmanageup.pl file upload CGI script in the Allmanage Website administration software 2.6 can be called directly by remote attackers, which allows them to modify user accounts or web pages.

References

http://archives.neohapsis.com/archives/bugtraq/2000-05/0167.html
http://www.osvdb.org/1337
http://www.securityfocus.com/bid/1217

Vulnerable Configurations

cpe:2.3:a:matthew_redman:allmanage:2.6:*:*:*:*:*:*:*
cpe:2.3:a:matthew_redman:allmanage:2.6:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 10-09-2008 - 19:04)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	1217
bugtraq	20000516 Allmanage.pl Vulnerabilities
osvdb	1337
xf	http-cgi-allmanage-account-access

Last major update

10-09-2008 - 19:04

Published

13-05-2000 - 04:00

Last modified

10-09-2008 - 19:04