Vulnerability Description
PortalApp 4.0 does not require authentication for (1) forums.asp and (2) content.asp, which allows remote attackers to create and delete forums, topics, and replies.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Portalapp | Portalapp | 4.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/28337Vendor Advisory
- http://securityreason.com/securityalert/4439
- http://www.aspapp.com/content.asp?CatId=197&ContentType=DownloadsPatch
- http://www.securityfocus.com/bid/27170
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39457
- https://www.exploit-db.com/exploits/4848
- http://secunia.com/advisories/28337Vendor Advisory
- http://securityreason.com/securityalert/4439
- http://www.aspapp.com/content.asp?CatId=197&ContentType=DownloadsPatch
- http://www.securityfocus.com/bid/27170
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39457
- https://www.exploit-db.com/exploits/4848
FAQ
What is CVE-2008-4614?
CVE-2008-4614 is a vulnerability with a CVSS score of 7.5 (HIGH). PortalApp 4.0 does not require authentication for (1) forums.asp and (2) content.asp, which allows remote attackers to create and delete forums, topics, and replies.
How severe is CVE-2008-4614?
CVE-2008-4614 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-4614?
Check the references section above for vendor advisories and patch information. Affected products include: Portalapp Portalapp.