CVE-2002-1820 — CRITICAL (9.8)

Vulnerability Description

register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a capital "A," but allows a remote attacker to impersonate the administrator by registering an account name of admin with a lower case "a."

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ultimate Php Board Project	Ultimate Php Board	1.0

Related Weaknesses (CWE)

CWE-178

References

http://www.iss.net/security_center/static/9972.phpBroken LinkPatch
http://www.securityfocus.com/archive/1/289417Broken LinkThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/5580Broken LinkThird Party AdvisoryVDB Entry
http://www.iss.net/security_center/static/9972.phpBroken LinkPatch
http://www.securityfocus.com/archive/1/289417Broken LinkThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/5580Broken LinkThird Party AdvisoryVDB Entry

FAQ

What is CVE-2002-1820?

CVE-2002-1820 is a vulnerability with a CVSS score of 9.8 (CRITICAL). register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a capital "A," but allows a remote attacker to impersonate the administrator by registering an account n...

How severe is CVE-2002-1820?

CVE-2002-1820 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2002-1820?

Check the references section above for vendor advisories and patch information. Affected products include: Ultimate Php Board Project Ultimate Php Board.