Published: 20/10/2000 Updated: 11/07/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Account Manager LITE does not properly authenticate attempts to change the administrator password, which allows remote malicious users to gain privileges for the Account Manager by directly calling the amadmin.pl script with the setpasswd parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cgi script center account manager lite_1.0
cgi script center account manager pro_1.0

source: wwwsecurityfocuscom/bid/1604/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Account Manager In order to accomplish this, a user would access the following URL with a POST command: target/cgibin/amadminpl?setpasswd This would grant the user full admin ...

source: wwwsecurityfocuscom/bid/1604/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Account Manager In order to accomplish this, a user would access the following URL with a POST command: target/cgibin/amadminpl?setpasswd This would grant the user full administ ...

NVD-CWE-Other http://archives.neohapsis.com/archives/bugtraq/2000-08/0291.html http://www.securityfocus.com/bid/1604 http://www.cgiscriptcenter.com/acctlite/http://www.osvdb.org/13341 https://exchange.xforce.ibmcloud.com/vulnerabilities/5125 https://nvd.nist.gov https://www.exploit-db.com/exploits/20165/

CVE-2000-0689

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect