Vulnerabilities > CVE-2004-1847 - Multiple vulnerability in Expinion.net News Manager Lite

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

expinion-net

exploit available

NVD

Published: 2004-03-20

Updated: 2017-07-11

Summary

News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN cookie.

Vulnerable Configurations

Part	Description	Count
Application	Expinion.Net Expinion.Net News Manager Lite 2.5	1

Exploit-Db

description	Expinion.net News Manager Lite 2.5 NEWS_LOGIN Cookie ADMIN Parameter Manipulation Admin Authentication Bypass. CVE-2004-1847. Webapps exploit for asp platform
id	EDB-ID:23863
last seen	2016-02-02
modified	2004-03-20
published	2004-03-20
reporter	Manuel Lopez
source	https://www.exploit-db.com/download/23863/
title	Expinion.net News Manager Lite 2.5 NEWS_LOGIN Cookie ADMIN Parameter Manipulation Admin Authentication Bypass

Summary

Vulnerable Configurations

Exploit-Db

References