Vulnerability Details CVE-2012-6710
ext_find_user in eXtplorer through 2.1.2 allows remote attackers to bypass authentication via a password[]= (aka an empty array) in an action=login request to index.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.067
EPSS Ranking 90.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://itsecuritysolutions.org/2012-12-31-eXtplorer-v2.1-authentication-bypass-vulnerability
- http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201212-371
- https://www.securityfocus.com/bid/57058
- http://itsecuritysolutions.org/2012-12-31-eXtplorer-v2.1-authentication-bypass-vulnerability
- http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201212-371
- https://www.securityfocus.com/bid/57058
Products affected by CVE-2012-6710
-
cpe:2.3:a:extplorer:extplorer:-
-
cpe:2.3:a:extplorer:extplorer:1.0.0
-
cpe:2.3:a:extplorer:extplorer:2.0.0
-
cpe:2.3:a:extplorer:extplorer:2.1.0
-
cpe:2.3:a:extplorer:extplorer:2.1.1
-
cpe:2.3:a:extplorer:extplorer:2.1.2