Vulnerability Details CVE-2014-1631
Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.276
EPSS Ranking 96.1%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4666
- http://www.securityfocus.com/archive/1/530891/100/0/threaded
- https://bugs.launchpad.net/eventum/+bug/1271499
- https://www.htbridge.com/advisory/HTB23198
- http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4666
- http://www.securityfocus.com/archive/1/530891/100/0/threaded
- https://bugs.launchpad.net/eventum/+bug/1271499
- https://www.htbridge.com/advisory/HTB23198
Products affected by CVE-2014-1631
-
cpe:2.3:a:eventum_project:eventum:1.1.0
-
cpe:2.3:a:eventum_project:eventum:1.2.0
-
cpe:2.3:a:eventum_project:eventum:1.2.1
-
cpe:2.3:a:eventum_project:eventum:1.2.2
-
cpe:2.3:a:eventum_project:eventum:1.3.0
-
cpe:2.3:a:eventum_project:eventum:1.3.1
-
cpe:2.3:a:eventum_project:eventum:1.4.0
-
cpe:2.3:a:eventum_project:eventum:1.5.0
-
cpe:2.3:a:eventum_project:eventum:1.5.1
-
cpe:2.3:a:eventum_project:eventum:1.5.2
-
cpe:2.3:a:eventum_project:eventum:1.5.3
-
cpe:2.3:a:eventum_project:eventum:1.5.4
-
cpe:2.3:a:eventum_project:eventum:1.5.5
-
cpe:2.3:a:eventum_project:eventum:1.6.0
-
cpe:2.3:a:eventum_project:eventum:1.6.1
-
cpe:2.3:a:eventum_project:eventum:1.7.0
-
cpe:2.3:a:eventum_project:eventum:1.7.1
-
cpe:2.3:a:eventum_project:eventum:2.0.0
-
cpe:2.3:a:eventum_project:eventum:2.0.1
-
cpe:2.3:a:eventum_project:eventum:2.1.0
-
cpe:2.3:a:eventum_project:eventum:2.1.1
-
cpe:2.3:a:eventum_project:eventum:2.2.0
-
cpe:2.3:a:eventum_project:eventum:2.3.0
-
cpe:2.3:a:eventum_project:eventum:2.3.1
-
cpe:2.3:a:eventum_project:eventum:2.3.2
-
cpe:2.3:a:eventum_project:eventum:2.3.3
-
cpe:2.3:a:eventum_project:eventum:2.3.4