CVE-2010-5318
Published: 2015-01-03
Priority: P3 35 · CVSS 2.0: 4.3 (medium)
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 1.76% (75.1th percentile)
The password-reset feature in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to modify the administrator's password by specifying the administrator's e-mail address in the email parameter.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| basic-cms | sweetrice | — | — |
No detection rules found.
Exploit-DB: diafan.cms 4.3 - Multiple Vulnerabilities (exploitdb, 2011-01-11, listed under CVE-2011-5318)
---
Vulnerability ID: HTB22777
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_diafan_cms.html
Product: diafan.CMS
Vendor: Diafan ( http://www.diafan.ru/ )
Vulnerable Version: 4.3 and probably prior versions
Vendor Notification: 28 December 2010
Vulnerability Type: CSRF (Cross-Site Request Forgery)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Low
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
CSRF:
Vulnerability Details:
The vulnerability exists due to a failure in the "http://host/admin/usersite/save2/" script to properly verify the source of the HTTP request.
Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie
Exploit-DB: SweetRice 0.6.7 - Multiple Vulnerabilities (exploitdb, 2010-11-04, CVE-2010-5318)
---
Vulnerability ID: HTB22669
Reference: http://www.htbridge.ch/advisory/reset_admin_password_in_sweetrice_cms.html
Product: SweetRice CMS
Vendor: basic-cms.org ( http://www.basic-cms.org/ )
Vulnerable Version: 0.6.7
Vendor Notification: 21 October 2010
Vulnerability Type: Logic error
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: High
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
Vulnerability Details:
The vulnerability exists due to a failure in the "/as/index.php" script to properly sanitize user-supplied input. An attacker can change the admin password.
The following PoC is available:
Vulnerability ID: HTB22668
Reference: http://www.htbridge.ch/advisory/xss_in_sweetrice_cm
No writeups or analysis indexed.