CVE-2010-5318 - The password-reset feature in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers t

CVE-2010-5318

Summary

The password-reset feature in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to modify the administrator's password by specifying the administrator's e-mail address in the email parameter.

References

https://www.htbridge.com/advisory/HTB22667

Vulnerable Configurations

cpe:2.3:a:basic-cms:sweetrice:0.6.7.1:*:*:*:*:*:*:*
cpe:2.3:a:basic-cms:sweetrice:0.6.7.1:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 05-01-2015 - 18:27)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

misc

https://www.htbridge.com/advisory/HTB22667

Last major update

05-01-2015 - 18:27

Published

03-01-2015 - 11:59

Last modified

05-01-2015 - 18:27