CVE-2003-1176

post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote mode is used, allows remote attackers to read or write to private forums by modifying the FID (forum ID) parameter.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/archive/1/343175	Exploit
http://www.securityfocus.com/archive/1/343314	Patch
http://www.securityfocus.com/bid/8957	Exploit
http://www.osvdb.org/2768
http://securitytracker.com/id?1008100
http://secunia.com/advisories/10137
https://exchange.xforce.ibmcloud.com/vulnerabilities/13581

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:bdc_enterprises:web_wiz_forums:6.34:::::::*
	cpe:2.3:a:bdc_enterprises:web_wiz_forums:7.01:::::::*
	cpe:2.3:a:bdc_enterprises:web_wiz_forums:7.5:::::::*

Information

Published : 2003-12-30 21:00

Updated : 2017-07-10 18:29

NVD link : CVE-2003-1176

Mitre link : CVE-2003-1176

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

bdc_enterprises

web_wiz_forums

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/archive/1/343175", "name": "20031102 Unauthorized access in Web Wiz Forum", "tags": ["Exploit"], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/343314", "name": "20031104 Re: Unauthorized access in Web Wiz Forum", "tags": ["Patch"], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/bid/8957", "name": "8957", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://www.osvdb.org/2768", "name": "2768", "tags": [], "refsource": "OSVDB"}, {"url": "http://securitytracker.com/id?1008100", "name": "1008100", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/10137", "name": "10137", "tags": [], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13581", "name": "webwizforums-quotemode-message-access(13581)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote mode is used, allows remote attackers to read or write to private forums by modifying the FID (forum ID) parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2003-1176", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2003-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:bdc_enterprises:web_wiz_forums:6.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bdc_enterprises:web_wiz_forums:7.01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bdc_enterprises:web_wiz_forums:7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:29Z"}