Vulnerability Description
MaxWebPortal 1.30 allows remote attackers to perform unauthorized actions by modifying hidden form fields, such as the (1) news, (2) lock, or (3) allmem fields in the 'start new topic' HTML page.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maxwebportal | Maxwebportal | 1.30 |
References
- http://archives.neohapsis.com/archives/bugtraq/2003-06/0048.htmlPatch
- http://secunia.com/advisories/8979Exploit
- http://www.osvdb.org/4933
- http://www.securityfocus.com/bid/7837Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12278
- http://archives.neohapsis.com/archives/bugtraq/2003-06/0048.htmlPatch
- http://secunia.com/advisories/8979Exploit
- http://www.osvdb.org/4933
- http://www.securityfocus.com/bid/7837Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12278
FAQ
What is CVE-2003-1212?
CVE-2003-1212 is a vulnerability with a CVSS score of 7.5 (HIGH). MaxWebPortal 1.30 allows remote attackers to perform unauthorized actions by modifying hidden form fields, such as the (1) news, (2) lock, or (3) allmem fields in the 'start new topic' HTML page.
How severe is CVE-2003-1212?
CVE-2003-1212 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1212?
Check the references section above for vendor advisories and patch information. Affected products include: Maxwebportal Maxwebportal.