Vulnerability Description
Vcard 2.9 and possibly other versions does not require authorization to run uninstall.php, which could allow remote attackers to uninstall Vcard and delete database tables via a direct request to uninstall.php.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Belchior Foundry | Vcard | 2.8 |
References
- http://marc.info/?l=bugtraq&m=107957312531199&w=2
- http://www.securityfocus.com/bid/9910ExploitPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15522
- http://marc.info/?l=bugtraq&m=107957312531199&w=2
- http://www.securityfocus.com/bid/9910ExploitPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15522
FAQ
What is CVE-2004-1828?
CVE-2004-1828 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Vcard 2.9 and possibly other versions does not require authorization to run uninstall.php, which could allow remote attackers to uninstall Vcard and delete database tables via a direct request to unin...
How severe is CVE-2004-1828?
CVE-2004-1828 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1828?
Check the references section above for vendor advisories and patch information. Affected products include: Belchior Foundry Vcard.