Vulnerabilities > CVE-2008-0724 - Credentials Management vulnerability in the Everything Development Company the Everything Development Engine

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

the-everything-development-company

CWE-255

exploit available

NVD

Published: 2008-02-12

Updated: 2018-10-15

Summary

The Everything Development Engine in The Everything Development System Pre-1.0 and earlier stores passwords in cleartext in a database, which makes it easier for context-dependent attackers to obtain access to user accounts.

Vulnerable Configurations

Part	Description	Count
Application	The_Everything_Development_Company THE Everything Development Company THE Everything Development Engine *	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Exploit-Db

description	The Everything Development System <= Pre-1.0 SQL Injection Vuln. CVE-2008-0675,CVE-2008-0724. Webapps exploit for php platform
file	exploits/php/webapps/5037.txt
id	EDB-ID:5037
last seen	2016-01-31
modified	2008-02-02
platform	php
port
published	2008-02-02
reporter	sub
source	https://www.exploit-db.com/download/5037/
title	The Everything Development System <= Pre-1.0 - SQL Injection Vuln
type	webapps

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

References