CVE-2005-3435

admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and specifying the hash in the pwd argument.
Configurations

Configuration 1 (hide)

cpe:2.3:a:archilles:newsworld:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:01

Type Values Removed Values Added
References () http://marc.info/?l=bugtraq&m=113018731120709&w=2 - Mailing List () http://marc.info/?l=bugtraq&m=113018731120709&w=2 - Mailing List
References () http://secunia.com/advisories/17310/ - Broken Link, Vendor Advisory () http://secunia.com/advisories/17310/ - Broken Link, Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/22860 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/22860 - Third Party Advisory, VDB Entry

09 Feb 2024, 03:13

Type Values Removed Values Added
CWE NVD-CWE-Other CWE-522
CVSS v2 : 7.5
v3 : unknown
v2 : 7.5
v3 : 9.8
References () http://marc.info/?l=bugtraq&m=113018731120709&w=2 - () http://marc.info/?l=bugtraq&m=113018731120709&w=2 - Mailing List
References () http://secunia.com/advisories/17310/ - Vendor Advisory () http://secunia.com/advisories/17310/ - Broken Link, Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/22860 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/22860 - Third Party Advisory, VDB Entry

Information

Published : 2005-11-02 11:02

Updated : 2024-11-21 00:01


NVD link : CVE-2005-3435

Mitre link : CVE-2005-3435

CVE.ORG link : CVE-2005-3435


JSON object : View

Products Affected

archilles

  • newsworld
CWE
CWE-522

Insufficiently Protected Credentials