Vulnerability Details : CVE-2004-0249
Potential exploit
PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other accounts by modifying the cookie's PXL variable to reference another userID.
Products affected by CVE-2004-0249
- cpe:2.3:a:phpx:phpx:3.2.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-0249
4.76%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-0249
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2004-0249
-
http://marc.info/?l=bugtraq&m=107586932324901&w=2
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/15512
PHPX could allow an attacker to hijack sessions undefined Vulnerability Report
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/15052
PHPX could allow an attacker to modify cookie to hijack another user`s account CVE-2004-0249 Vulnerability Report
-
http://secunia.com/advisories/10797/
-
http://www.securityfocus.com/bid/9569
Exploit;Patch;Vendor Advisory
-
http://archives.neohapsis.com/archives/bugtraq/2004-03/0154.html
Jump to