// For flags

CVE-2003-0589

 

Severity Score

10.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

admin.php in Digi-ads 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password.

admin.php en Digi-ads 1.1 permite a atacantes remotos saltarse la autenticación mediante una galletita (cookie) con el nombre de usuario establecido al nombre del administrador, lo que satisface una condición inapropiada en admin.php de no requerir una contraseña correcta.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2003-07-17 CVE Reserved
  • 2003-08-18 CVE Published
  • 2024-08-08 CVE Updated
  • 2024-08-09 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (1)
URL Tag Source
http://marc.info/?l=bugtraq&m=105839007002993&w=2 Mailing List
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Digi-fx
Search vendor "Digi-fx"
 Digi-news
Search vendor "Digi-fx" for product "Digi-news"
 1.1
Search vendor "Digi-fx" for product "Digi-news" and version "1.1"
-
Affected