CVE-2008-3033

EPSS 3.0%

RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by (1) an IdFlux request to supprimer_flux.php and (2) a TpsRafraich request to modifier_tps_rafraich.php.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/32003unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://securityreason.com/securityalert/3975 https://exchange.xforce.ibmcloud.com/vulnerabilities/43509 http://www.securityfocus.com/archive/1/493783/100/0/threaded http://www.securityfocus.com/bid/30016