Vulnerabilities > CVE-2008-6473 - Credentials Management vulnerability in Blogator-Script 0.95
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
PARTIAL Summary
_blogadata/include/init_pass2.php in Blogator-script 0.95 allows remote attackers to change the password for arbitrary users via a modified "a" parameter with a "%" wildcard symbol in the b parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | Blogator-script 0.95 Change User Password Vulnerability. CVE-2008-6473. Webapps exploit for php platform |
file | exploits/php/webapps/5370.txt |
id | EDB-ID:5370 |
last seen | 2016-01-31 |
modified | 2008-04-05 |
platform | php |
port | |
published | 2008-04-05 |
reporter | Virangar Security |
source | https://www.exploit-db.com/download/5370/ |
title | Blogator-script 0.95 Change User Password Vulnerability |
type | webapps |