Sitenews未认证用户添加漏洞

漏洞信息详情

Sitenews未认证用户添加漏洞

• CNNVD编号：CNNVD-200205-143
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2002-0286
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2002-05-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  sitenews
• 漏洞来源：
  Discovery of this …

SiteNews 0.10和0.11版本的function.php中GetPassword函数存在漏洞。远程攻击者通过给add_user.php的空密码提供一个不存在的用户名和MD5校验从而提升特权且添加用户。

This issue has been addressed in Sitenews 0.12 beta.
Sitenews Sitenews 0.1 beta

• Sitenews Sitenews 0.12 beta
  
  http://www.linuxnetwork.nl/download.php?what=download&dl_id=38

Sitenews Sitenews 0.10 beta

• Sitenews Sitenews 0.12 beta
  
  http://www.linuxnetwork.nl/download.php?what=download&dl_id=38

Sitenews Sitenews 0.11 beta

• Sitenews Sitenews 0.12 beta
  
  http://www.linuxnetwork.nl/download.php?what=download&dl_id=38

Sitenews Sitenews 0.2 beta

• Sitenews Sitenews 0.12 beta
  
  http://www.linuxnetwork.nl/download.php?what=download&dl_id=38

Sitenews Sitenews 0.3 beta

• Sitenews Sitenews 0.12 beta
  
  http://www.linuxnetwork.nl/download.php?what=download&dl_id=38

Sitenews Sitenews 0.4 beta

• Sitenews Sitenews 0.12 beta
  
  http://www.linuxnetwork.nl/download.php?what=download&dl_id=38

Sitenews Sitenews 0.5 beta

• Sitenews Sitenews 0.12 beta
  
  http://www.linuxnetwork.nl/download.php?what=download&dl_id=38

Sitenews Sitenews 0.6 beta

• Sitenews Sitenews 0.12 beta
  
  http://www.linuxnetwork.nl/download.php?what=download&dl_id=38

Sitenews Sitenews 0.7 beta

• Sitenews Sitenews 0.12 beta
  
  http://www.linuxnetwork.nl/download.php?what=download&dl_id=38

Sitenews Sitenews 0.8 beta

• Sitenews Sitenews 0.12 beta
  
  http://www.linuxnetwork.nl/download.php?what=download&dl_id=38

Sitenews Sitenews 0.9 beta

• Sitenews Sitenews 0.12 beta
  
  http://www.linuxnetwork.nl/download.php?what=download&dl_id=38

来源: BUGTRAQ
名称: 20020216 SiteNews remote add user exploit
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=101388393808699&w=2

来源: XF
名称: sitenews-getpassword-add-users(8181)
链接:http://xforce.iss.net/xforce/xfdb/8181

来源: BID
名称: 4046
链接:http://www.securityfocus.com/bid/4046