Vulnerabilities > CVE-2009-3180 - Credentials Management vulnerability in Anantasoft Gazelle CMS 1.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
anantasoft
CWE-255
exploit available

Summary

Anantasoft Gazelle CMS 1.0 allows remote attackers to conduct a password reset for other users via a modified user parameter to renew.php.

Vulnerable Configurations

Part Description Count
Application
Anantasoft
1

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionGazelle CMS 1.0 Multiple Vulnerabilities / RCE Exploit. CVE-2009-3167,CVE-2009-3171,CVE-2009-3180,CVE-2009-3181,CVE-2009-3182. Webapps exploit for php platform
fileexploits/php/webapps/9425.sh
idEDB-ID:9425
last seen2016-02-01
modified2009-08-12
platformphp
port
published2009-08-12
reporterIHTeam
sourcehttps://www.exploit-db.com/download/9425/
titleGazelle CMS 1.0 - Multiple Vulnerabilities / RCE Exploit
typewebapps