CVE-2008-4245

The Admin Control Panel in Rianxosencabos CMS 0.9 does not require administrator privileges, which allows remote authenticated users to (1) change a user's privileges, (2) delete a user account, or perform unspecified other administrative actions via vectors involving an admin lista action to the default URI, possibly related to useradmin.php.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
rianxosencabos_cmsrianxosencabos_cms
0.9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://securityreason.com/securityalert/4311
http://www.securityfocus.com/bid/31296
https://exchange.xforce.ibmcloud.com/vulnerabilities/45290
https://www.exploit-db.com/exploits/6513
http://securityreason.com/securityalert/4311
http://www.securityfocus.com/bid/31296
https://exchange.xforce.ibmcloud.com/vulnerabilities/45290
https://www.exploit-db.com/exploits/6513