Vulnerability Description
Easy Guestbook CGI programs do not authenticate the administrator, which allows remote attackers to (1) delete entries via direct access of admin.cgi, or (2) reconfigure Guestbook via direct access of config.cgi.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ben Chivers | Ben Chivers Guestbook | 1.0 |
| Easy Scripts Archive | Easy Guestbook | 1.0 |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-07/0356.htmlExploitPatchVendor Advisory
- http://www.iss.net/security_center/static/9697.phpVendor Advisory
- http://www.securityfocus.com/bid/5341ExploitPatchVendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2002-07/0356.htmlExploitPatchVendor Advisory
- http://www.iss.net/security_center/static/9697.phpVendor Advisory
- http://www.securityfocus.com/bid/5341ExploitPatchVendor Advisory
FAQ
What is CVE-2002-1410?
CVE-2002-1410 is a vulnerability with a CVSS score of 7.5 (HIGH). Easy Guestbook CGI programs do not authenticate the administrator, which allows remote attackers to (1) delete entries via direct access of admin.cgi, or (2) reconfigure Guestbook via direct access of...
How severe is CVE-2002-1410?
CVE-2002-1410 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1410?
Check the references section above for vendor advisories and patch information. Affected products include: Ben Chivers Ben Chivers Guestbook, Easy Scripts Archive Easy Guestbook.