Back to search
CVE-2002-0286
Published: May 3, 2002
Modified: Aug 8, 2024
PUBLISHED
Description
The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for an empty password to add_user.php, which causes GetPassword to produce and compare a blank password for the non-existent user.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
sitenews-getpassword-add-users(8181)
vdb-entry
x_refsource_XF
4046
vdb-entry
x_refsource_BID
20020216 SiteNews remote add user exploit
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now