CVE-2002-0096

Sažetak

The installation of Geeklog 1.3 creates an extra group_assignments record which is not properly deleted, which causes the first newly created user to be added to the GroupAdmin and UserAdmin groups, which could provide that user with administrative privileges that were not intended.

Reference

http://geeklog.sourceforge.net/index.php?topic=Security
http://www.iss.net/security_center/static/7780.php
http://www.securityfocus.com/archive/1/248367
http://www.securityfocus.com/bid/3783

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

05-09-2008 - 20:27

Objavljeno

25-03-2002 - 05:00