ID CVE-2007-6547
Summary RunCMS before 1.6.1 does not require entry of the old password during a password change, which allows context-dependent attackers to change passwords upon obtaining temporary access to a session.
References
Vulnerable Configurations
  • cpe:2.3:a:runcms:runcms:*:*:*:*:*:*:*:*
    cpe:2.3:a:runcms:runcms:*:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 15-10-2018 - 21:55)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 27019
bugtraq 20071225 Multiple vulnerabilities in RUNCMS 1.6 by DSecRG
exploit-db 4790
misc http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131
osvdb 41246
sreason 3493
Last major update 15-10-2018 - 21:55
Published 28-12-2007 - 00:46
Last modified 15-10-2018 - 21:55
Back to Top