CVE-2002-0837 - wordtrans 1.1pre8 and earlier in the wordtrans-web package allows remote attackers to (1) execute ar

CVE-2002-0837

Summary

wordtrans 1.1pre8 and earlier in the wordtrans-web package allows remote attackers to (1) execute arbitrary code or (2) conduct cross-site scripting attacks via certain parameters (possibly "dict") to the wordtrans.php script.

References

Vulnerable Configurations

cpe:2.3:a:wordtrans:wordtrans-web:1.0_beta2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:wordtrans:wordtrans-web:1.0_beta2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:wordtrans:wordtrans-web:1.1_pre8:*:*:*:*:*:*:*
cpe:2.3:a:wordtrans:wordtrans-web:1.1_pre8:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 18-10-2016 - 02:22)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

redhat via4

advisories

rhsa

id	RHSA-2002:188

refmap via4

bid	5671 5674
bugtraq	20020908 Guardent Client Advisory: Multiple wordtrans-web Vulnerabilities
misc	http://www.guardent.com/comp_news_wordtrans-web.html#
xf	wordtrans-web-code-execution(10063) wordtrans-web-php-xss(10059)

Last major update

18-10-2016 - 02:22

Published

04-10-2002 - 04:00

Last modified

18-10-2016 - 02:22