Published: 20/10/2000 Updated: 18/10/2016

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote malicious users to gain privileges for the Account Manager by directly calling the subscribe.pl script with the setpwd parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cgi script center subscribe me lite 2.0

source: wwwsecurityfocuscom/bid/1607/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Subscribe Me Lite This would grant the user full administrative privileges which includes addition or removal of users from mailing lists <html> <FORM ACTION="wwwcgis ...

source: wwwsecurityfocuscom/bid/1607/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Subscribe Me Lite This would grant the user full administrative privileges which includes addition or removal of users from mailing lists #!/usr/bin/perl -w ## Subscribe Me Lite 20 ex ...

NVD-CWE-Other http://archives.neohapsis.com/archives/bugtraq/2000-08/0292.html http://www.securityfocus.com/bid/1607 http://www.cgiscriptcenter.com/subscribe/http://marc.info/?l=bugtraq&m=96722957421029&w=2 https://nvd.nist.gov https://www.exploit-db.com/exploits/20177/

CVE-2000-0688

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect