Vulnerabilities > CVE-2006-0724 - Variable Overwrite vulnerability in Reamday Enterprises Magic News Lite 1.2.3
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
profile.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new_passwd, and (5) confirm_passwd variables, which are not initialized.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/44078/EV0072.txt |
id | PACKETSTORM:44078 |
last seen | 2016-12-05 |
published | 2006-02-22 |
reporter | Aliaksandr Hartsuyeu |
source | https://packetstormsecurity.com/files/44078/EV0072.txt.html |
title | EV0072.txt |