← back
CVE-2008-6553

CVE-2008-6553

EPSS 2.5%
microcms-admin-home.php in Implied by Design Micro CMS (Micro-CMS) 3.5 (aka 0.3.5) does not require authentication as an administrator, which allows remote attackers to (1) create administrative accounts via an add_admin action, (2) remove administrative accounts via a delete_admin action, and (3) modify administrative passwords via a change_password action.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/6933unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://downloads.securityfocus.com/vulnerabilities/exploits/32063.plhttps://exchange.xforce.ibmcloud.com/vulnerabilities/46294https://www.exploit-db.com/exploits/6933http://www.securityfocus.com/bid/32063