NVD

Id
1928  
Name
CVE-2008-1992  
Description
Acidcat CMS 3.4.1 does not properly restrict access to (1) default_mail_aspemail.asp, (2) default_mail_cdosys.asp or (3) default_mail_jmail.asp, which allows remote attackers to bypass restrictions and relay email messages with modified From, FromName, and To fields.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-03  
Published
2008-04-27  
Modified Date
2009-01-29  
Seq
2008-1992  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
12460 1928 CVE-2008-1992 http://bugreport.ir/index.php?/36  View
12461 1928 CVE-2008-1992 3842  View
12462 1928 CVE-2008-1992 5478  View
12463 1928 CVE-2008-1992 20080420 Acidcat CMS Multiple Vulnerabilities  View
12464 1928 CVE-2008-1992 28868  View
12465 1928 CVE-2008-1992 acidcat-email-security-bypass(41921)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
47699 JVNDB-2008-003009 Acidcat CMS における制限を回避される脆弱性 Acidcat CMS は、(1) default_mail_aspemail.asp、(2) default_mail_cdosys.asp または (3) default_mail_jmail.asp へのアクセスを制限しないため、制限を回避される、および変更された From、FromName および To フィールドを含む電子メールを中継される脆弱性が存在します。 CVE-2008-1992 32105 CVE-2008-1992 1928 7.5 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-003009.html 2008-04-27 2012-06-26 View