CVE-2014-4170
published 2020-02-13CVE-2014-4170: A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which…
PriorityP265critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
14.48%
96.2th percentile
A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freereprintables | articlefr | <= 3.0.4 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Alert on unauthenticated GET requests to /data.php containing query parameters targeting the 'users' table (t=users) with membership field manipulation (f=membership&value=admin). ↗
- ·The vulnerability was still present in versions 3.0.2 and 3.0.4 despite vendor claims of a fix; no official patch was confirmed available at time of disclosure. ↗
- ·An unofficial patch was developed by High-Tech Bridge and should be evaluated as a mitigation until an official fix is confirmed. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/127701/Free-Reprintables-ArticleFR-11.06.2014-Improper-Access-Control.htmlhttp://www.exploit-db.com/exploits/34245https://exchange.xforce.ibmcloud.com/vulnerabilities/95051https://www.securityfocus.com/bid/68980http://packetstormsecurity.com/files/127701/Free-Reprintables-ArticleFR-11.06.2014-Improper-Access-Control.htmlhttp://www.exploit-db.com/exploits/34245https://exchange.xforce.ibmcloud.com/vulnerabilities/95051https://www.securityfocus.com/bid/68980
2020-02-13
Published