CVE-2000-0688 - Subscribe Me LITE does not properly authenticate attempts to change the administrator password, whic

CVE-2000-0688

Summary

Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the subscribe.pl script with the setpwd parameter.

References

http://archives.neohapsis.com/archives/bugtraq/2000-08/0292.html
http://marc.info/?l=bugtraq&m=96722957421029&w=2
http://www.cgiscriptcenter.com/subscribe/
http://www.securityfocus.com/bid/1607

Vulnerable Configurations

cpe:2.3:a:cgi_script_center:subscribe_me_lite:2.0:*:*:*:*:*:*:*
cpe:2.3:a:cgi_script_center:subscribe_me_lite:2.0:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 18-10-2016 - 02:07)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	1607
bugtraq	20000823 Re: Subscribe Me CGI Vulnerability 20000823 Subscribe Me Vulnerability
confirm	http://www.cgiscriptcenter.com/subscribe/

Last major update

18-10-2016 - 02:07

Published

20-10-2000 - 04:00

Last modified

18-10-2016 - 02:07