Vulnerabilities > CVE-2004-0621 - Authentication Bypass vulnerability in ZaireWeb Solutions Newsletter ZWS Administrative Interface
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
admin.php in Newsletter ZWS allows remote attackers to gain administrative privileges via a list_user operation with the ulevel parameter set to 1 (administrator level), which lists all users and their passwords.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | ZaireWeb Solutions Newsletter ZWS Administrative Interface Authentication Bypass Vulnerability. CVE-2004-0621. Webapps exploit for php platform |
id | EDB-ID:24235 |
last seen | 2016-02-02 |
modified | 2004-06-24 |
published | 2004-06-24 |
reporter | GaMeS |
source | https://www.exploit-db.com/download/24235/ |
title | ZaireWeb Solutions Newsletter ZWS Administrative Interface Authentication Bypass Vulnerability |