CVE-2002-0286
CVE-2002-0286 is a vulnerability of currently unknown severity. The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for an empty password to add_user.php, which causes GetPassword to produce and compare a blank password for the non-existent user. EPSS estimates a 1.57% chance of exploitation in the next 30 days.
Description
The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for an empty password to add_user.php, which causes GetPassword to produce and compare a blank password for the non-existent user.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sitenews | Sitenews | 0.01_beta |
| Sitenews | Sitenews | 0.02_beta |
| Sitenews | Sitenews | 0.03_beta |
| Sitenews | Sitenews | 0.04_beta |
| Sitenews | Sitenews | 0.05_beta |
| Sitenews | Sitenews | 0.06_beta |
| Sitenews | Sitenews | 0.07_beta |
| Sitenews | Sitenews | 0.08_beta |
| Sitenews | Sitenews | 0.09_beta |
| Sitenews | Sitenews | 0.10_beta |
| Sitenews | Sitenews | 0.11_beta |
Timeline
- Status: Modified
Source: NVD / NIST
