Easy Guestbook CGI programs do not authenticate the administrator, which allows remote attackers to (1) delete entries via direct access of admin.cgi, or (2) reconfigure Guestbook via direct access of config.cgi.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/bugtraq/2002-07/0356.html | Exploit Patch Vendor Advisory |
http://www.iss.net/security_center/static/9697.php | Vendor Advisory |
http://www.securityfocus.com/bid/5341 | Exploit Patch Vendor Advisory |
http://archives.neohapsis.com/archives/bugtraq/2002-07/0356.html | Exploit Patch Vendor Advisory |
http://www.iss.net/security_center/static/9697.php | Vendor Advisory |
http://www.securityfocus.com/bid/5341 | Exploit Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:41
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/bugtraq/2002-07/0356.html - Exploit, Patch, Vendor Advisory | |
References | () http://www.iss.net/security_center/static/9697.php - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/5341 - Exploit, Patch, Vendor Advisory |
Information
Published : 2003-04-11 04:00
Updated : 2024-11-20 23:41
NVD link : CVE-2002-1410
Mitre link : CVE-2002-1410
CVE.ORG link : CVE-2002-1410
JSON object : View
Products Affected
easy_scripts_archive
- easy_guestbook
ben_chivers
- ben_chivers_guestbook
CWE