Vulnerability Description
news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new authors by directly posting an HTTP request to the new.cgi program with an addAuthor parameter, and setting the Referer to the news.cgi program.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gwscripts | Gwscripts News Publisher | 1.05 |
References
- http://www.securityfocus.com/bid/1621ExploitVendor Advisory
- http://www.securityfocus.com/templates/archive.pike?list=1&msg=003301c0123b%2418
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5169
- http://www.securityfocus.com/bid/1621ExploitVendor Advisory
- http://www.securityfocus.com/templates/archive.pike?list=1&msg=003301c0123b%2418
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5169
FAQ
What is CVE-2000-0720?
CVE-2000-0720 is a vulnerability with a CVSS score of 5.0 (MEDIUM). news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new authors by directly posting an HTTP request ...
How severe is CVE-2000-0720?
CVE-2000-0720 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2000-0720?
Check the references section above for vendor advisories and patch information. Affected products include: Gwscripts Gwscripts News Publisher.