Vulnerabilities > CVE-2002-0286 - Unspecified vulnerability in Sitenews

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

sitenews

NVD

Published: 2002-05-31

Updated: 2017-07-11

Summary

The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for an empty password to add_user.php, which causes GetPassword to produce and compare a blank password for the non-existent user.

Vulnerable Configurations

Part	Description	Count
Application	Sitenews Sitenews Sitenews 0.01_Beta Sitenews Sitenews 0.02_Beta Sitenews Sitenews 0.03_Beta Sitenews Sitenews 0.04_Beta Sitenews Sitenews 0.05_Beta Sitenews Sitenews 0.06_Beta Sitenews Sitenews 0.07_Beta Sitenews Sitenews 0.08_Beta Sitenews Sitenews 0.09_Beta Sitenews Sitenews 0.10_Beta Sitenews Sitenews 0.11_Beta	11

Summary

Vulnerable Configurations

References