Vulnerabilities > CVE-2002-2175 - Unspecified vulnerability in PHP PHPsquidpass

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

php

NVD

Published: 2002-12-31

Updated: 2016-10-18

Summary

phpSquidPass before 0.2 uses an incomplete regular expression to find a matching username in its database, which allows remote authenticated attackers to effectively delete other usernames via a short username that matches the end of the targeted username. This vulnerability affects all versions of phpSquidPass before 0.2

Vulnerable Configurations

Part	Description	Count
Application	Php PHP Phpsquidpass *	1

References

http://marc.info/?l=bugtraq&m=102508071021631&w=2
http://sourceforge.net/forum/forum.php?forum_id=188359
http://www.iss.net/security_center/static/9417.php
http://www.securityfocus.com/bid/5090