Vulnerabilities > CVE-2002-0286 - Unspecified vulnerability in Sitenews

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

sitenews

NVD

Published: 2002-05-31

Updated: 2024-11-20

Summary

The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for an empty password to add_user.php, which causes GetPassword to produce and compare a blank password for the non-existent user.

Vulnerable Configurations

Part	Description	Count
Application	Sitenews Sitenews Sitenews 0.10_Beta Sitenews Sitenews 0.11_Beta Sitenews Sitenews 0.09_Beta Sitenews Sitenews 0.04_Beta Sitenews Sitenews 0.05_Beta Sitenews Sitenews 0.02_Beta Sitenews Sitenews 0.06_Beta Sitenews Sitenews 0.03_Beta Sitenews Sitenews 0.01_Beta Sitenews Sitenews 0.08_Beta Sitenews Sitenews 0.07_Beta	11

Summary

Vulnerable Configurations

References