CVE-2004-0621 - Authentication Bypass vulnerability in ZaireWeb Solutions Newsletter ZWS Administrative Interface

CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, low complexity, zaireweb-solutions, critical, exploit available

Summary

admin.php in Newsletter ZWS allows remote attackers to gain administrative privileges via a list_user operation with the ulevel parameter set to 1 (administrator level), which lists all users and their passwords.

Vulnerable Configurations

Part | Description | Count
Application | Zaireweb_Solutions | 1

Exploit-Db

description: ZaireWeb Solutions Newsletter ZWS Administrative Interface Authentication Bypass Vulnerability. CVE-2004-0621. Webapps exploit for php platform
id: EDB-ID:24235
last seen: 2016-02-02
modified: 2004-06-24
published: 2004-06-24
reporter: GaMeS
source: https://www.exploit-db.com/download/24235/
title: ZaireWeb Solutions Newsletter ZWS Administrative Interface Authentication Bypass Vulnerability