Vulnerability Details : CVE-2002-0286
The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for an empty password to add_user.php, which causes GetPassword to produce and compare a blank password for the non-existent user.
Exploit prediction scoring system (EPSS) score for CVE-2002-0286
Probability of exploitation activity in the next 30 days: 1.22%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 84 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2002-0286
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2002-0286
Products affected by CVE-2002-0286
- cpe:2.3:a:sitenews:sitenews:0.02_beta:*:*:*:*:*:*:*
- cpe:2.3:a:sitenews:sitenews:0.03_beta:*:*:*:*:*:*:*
- cpe:2.3:a:sitenews:sitenews:0.10_beta:*:*:*:*:*:*:*
- cpe:2.3:a:sitenews:sitenews:0.11_beta:*:*:*:*:*:*:*
- cpe:2.3:a:sitenews:sitenews:0.01_beta:*:*:*:*:*:*:*
- cpe:2.3:a:sitenews:sitenews:0.08_beta:*:*:*:*:*:*:*
- cpe:2.3:a:sitenews:sitenews:0.09_beta:*:*:*:*:*:*:*
- cpe:2.3:a:sitenews:sitenews:0.06_beta:*:*:*:*:*:*:*
- cpe:2.3:a:sitenews:sitenews:0.07_beta:*:*:*:*:*:*:*
- cpe:2.3:a:sitenews:sitenews:0.04_beta:*:*:*:*:*:*:*
- cpe:2.3:a:sitenews:sitenews:0.05_beta:*:*:*:*:*:*:*