CVE-2008-4427

changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
VendorProductVersion
phlatlinepersonal_information_manager
𝑥
≤ 1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/31424
http://securityreason.com/securityalert/4349
http://www.securityfocus.com/bid/30627
https://exchange.xforce.ibmcloud.com/vulnerabilities/44389
https://www.exploit-db.com/exploits/6231
http://secunia.com/advisories/31424
http://securityreason.com/securityalert/4349
http://www.securityfocus.com/bid/30627
https://exchange.xforce.ibmcloud.com/vulnerabilities/44389
https://www.exploit-db.com/exploits/6231