redirect.php in SlimCMS 1.0.0 does not require authentication, which allows remote attackers to create administrative users by using the newusername and newpassword parameters and setting the newisadmin parameter to 1.
References
Configurations
History
21 Nov 2024, 00:54
Type | Values Removed | Values Added |
---|---|---|
References | () http://securityreason.com/securityalert/4804 - | |
References | () http://www.securityfocus.com/bid/31736 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/45824 - | |
References | () https://www.exploit-db.com/exploits/6729 - |
Information
Published : 2008-12-24 18:29
Updated : 2024-11-21 00:54
NVD link : CVE-2008-5708
Mitre link : CVE-2008-5708
CVE.ORG link : CVE-2008-5708
JSON object : View
Products Affected
slimcms
- slimcms
CWE
CWE-287
Improper Authentication