Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2002-0286

The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for an empty password to add_user.php, which causes GetPassword to produce and compare a blank password for the non-existent user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.2%
CVSS Severity
CVSS v2 Score 7.5
Products affected by CVE-2002-0286
  • Sitenews » Sitenews » Version: 0.01_beta
    cpe:2.3:a:sitenews:sitenews:0.01_beta
  • Sitenews » Sitenews » Version: 0.02_beta
    cpe:2.3:a:sitenews:sitenews:0.02_beta
  • Sitenews » Sitenews » Version: 0.03_beta
    cpe:2.3:a:sitenews:sitenews:0.03_beta
  • Sitenews » Sitenews » Version: 0.04_beta
    cpe:2.3:a:sitenews:sitenews:0.04_beta
  • Sitenews » Sitenews » Version: 0.05_beta
    cpe:2.3:a:sitenews:sitenews:0.05_beta
  • Sitenews » Sitenews » Version: 0.06_beta
    cpe:2.3:a:sitenews:sitenews:0.06_beta
  • Sitenews » Sitenews » Version: 0.07_beta
    cpe:2.3:a:sitenews:sitenews:0.07_beta
  • Sitenews » Sitenews » Version: 0.08_beta
    cpe:2.3:a:sitenews:sitenews:0.08_beta
  • Sitenews » Sitenews » Version: 0.09_beta
    cpe:2.3:a:sitenews:sitenews:0.09_beta
  • Sitenews » Sitenews » Version: 0.10_beta
    cpe:2.3:a:sitenews:sitenews:0.10_beta
  • Sitenews » Sitenews » Version: 0.11_beta
    cpe:2.3:a:sitenews:sitenews:0.11_beta


Products
Pricing
Contact Us

Shodan ® - All rights reserved