membership.asp in Mini-Nuke CMS System 1.8.2 and earlier does not verify the old password when changing a password, which allows remote attackers to change the passwords of other members via a lostpassnew action with a modified x parameter.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/bugtraq/2006-01/0483.html | Exploit Vendor Advisory |
http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0437.html | Exploit Vendor Advisory |
http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0439.html | Exploit Vendor Advisory |
http://secunia.com/advisories/18439 | Exploit Vendor Advisory |
http://securityreason.com/securityalert/344 | |
http://www.osvdb.org/22385 | Exploit |
http://www.securityfocus.com/archive/1/421748/100/0/threaded | |
http://www.vupen.com/english/advisories/2006/0173 | Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/24101 |
Configurations
History
No history.
Information
Published : 2006-01-13 23:03
Updated : 2024-02-04 16:52
NVD link : CVE-2006-0203
Mitre link : CVE-2006-0203
CVE.ORG link : CVE-2006-0203
JSON object : View
Products Affected
mini-nuke
- cms_system
CWE
CWE-20
Improper Input Validation