ID CVE-2005-0305
Summary CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlier allows remote attackers to add arbitrary users and gain privileges via the line parameter in a docreate operation.
References
Vulnerable Configurations
  • cpe:2.3:a:siteman:siteman:1.1.10
  • cpe:2.3:a:siteman:siteman:1.1.9
CVSS
Base: 7.5 (as of 06-06-2005 - 16:19)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
exploit-db via4
  • description Siteman 1.1 User Database Privilege Escalation Vulnerability (1). CVE-2005-0305. Webapps exploit for php platform
    id EDB-ID:25052
    last seen 2016-02-03
    modified 2005-01-19
    published 2005-01-19
    reporter Noam Rathaus
    source https://www.exploit-db.com/download/25052/
    title Siteman 1.1 - User Database Privilege Escalation Vulnerability 1
  • description Siteman 1.1 User Database Privilege Escalation Vulnerability (2). CVE-2005-0305. Webapps exploit for php platform
    id EDB-ID:25053
    last seen 2016-02-03
    modified 2005-01-19
    published 2005-01-19
    reporter amironline452
    source https://www.exploit-db.com/download/25053/
    title Siteman 1.1 - User Database Privilege Escalation Vulnerability 2
nessus via4
NASL family CGI abuses
NASL id SITEMAN_USER_DB_PRIV_ESCALATION.NASL
description The remote host is running Siteman, a web-based content management system written in PHP. The version of this software hosted on the remote web server fails to sanitize input to the 'line' parameter of the 'users.php' script when 'do=create', which allows an attacker with valid credentials to create an arbitrary administrative user.
last seen 2019-02-21
modified 2018-11-15
plugin id 16216
published 2005-01-19
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=16216
title Siteman < 1.1.11 Multiple Vulnerabilities
refmap via4
bid 12304
bugtraq
  • 20050120 God Admin Injection Vulnerability in Siteman 1.0.x,
  • 20050122 Siteman User Database Line Insertion Vulnerability
osvdb 13131
sectrack 1012951
xf siteman-gain-access(18998)
Last major update 17-10-2016 - 23:10
Published 02-05-2005 - 00:00
Last modified 10-07-2017 - 21:32