phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie, which allows remote attackers to retrieve the administrative password.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/bugtraq/2002-10/0148.html | Broken Link Vendor Advisory |
http://www.iss.net/security_center/static/10352.php | Broken Link |
http://www.securityfocus.com/bid/5947 | Broken Link Third Party Advisory VDB Entry |
Configurations
History
10 Feb 2024, 03:06
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CWE | CWE-312 | |
References | (XF) http://www.iss.net/security_center/static/10352.php - Broken Link | |
References | (BUGTRAQ) http://archives.neohapsis.com/archives/bugtraq/2002-10/0148.html - Broken Link, Vendor Advisory | |
References | (BID) http://www.securityfocus.com/bid/5947 - Broken Link, Third Party Advisory, VDB Entry |
Information
Published : 2002-12-31 05:00
Updated : 2024-02-28 10:24
NVD link : CVE-2002-1800
Mitre link : CVE-2002-1800
CVE.ORG link : CVE-2002-1800
JSON object : View
Products Affected
phprank
- phprank
CWE
CWE-312
Cleartext Storage of Sensitive Information