Overview
PHP-Nuke's saveuser() function does not adequately authenticate users. Attackers may exploit this vulnerability to change user data and gain access to accounts.
Description
PHP-Nuke is a set of PHP scripts designed to simplify web site creation and maintenance. PHP-Nuke's saveuser() function does not adequately authenticate users. As a result, attackers who know specific PHP-Nuke user IDs can exploit saveuser() to change PHP-Nuke user data such as email addresses. After changing a user's email address, attackers may request the user's password via email and gain full access to the PHP-Nuke account.
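The class of check described above, as an added illustration that is not PHP-Nuke's code: a profile-update handler that picks the account from a request parameter, next to one that takes the account from the server-side session and requires the current password before the recovery address changes. The function names, the `uid`/`email`/`current_password` fields and the in-memory user table are all hypothetical.

```php
<?php
// Constructed in-memory user table; field names are assumptions, not PHP-Nuke's schema.
$users = [
    1 => ['email' => 'alice@example.test', 'pass_hash' => password_hash('alice-pw', PASSWORD_DEFAULT)],
    2 => ['email' => 'bob@example.test',   'pass_hash' => password_hash('bob-pw', PASSWORD_DEFAULT)],
];

// Weak pattern: the account to modify is chosen by a request parameter alone.
function save_user_weak(array &$users, array $request): bool
{
    $uid = (int)($request['uid'] ?? 0);
    if (!isset($users[$uid])) {
        return false;
    }
    $users[$uid]['email'] = $request['email'] ?? '';
    return true;
}

// Hardened pattern: the account comes from the server-side session, and
// changing the password-recovery address requires the current password.
function save_user_checked(array &$users, array $session, array $request): bool
{
    $uid = $session['uid'] ?? null;   // set only at login, never from the request
    if ($uid === null || !isset($users[$uid])) {
        return false;
    }
    if (isset($request['uid']) && (int)$request['uid'] !== $uid) {
        return false;                 // request names a different account
    }
    if (!password_verify($request['current_password'] ?? '', $users[$uid]['pass_hash'])) {
        return false;
    }
    $email = filter_var($request['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return false;
    }
    $users[$uid]['email'] = $email;
    return true;
}

// Constructed requests: the session belongs to user 2, the first request names user 1.
$mismatched = ['uid' => 1, 'email' => 'other@example.test'];
var_dump(save_user_weak($users, $mismatched));                  // accepted: no identity check
$users[1]['email'] = 'alice@example.test';                      // restore the sample data
var_dump(save_user_checked($users, ['uid' => 2], $mismatched)); // rejected: uid differs from session
$own = ['email' => 'bob2@example.test', 'current_password' => 'bob-pw'];
var_dump(save_user_checked($users, ['uid' => 2], $own));        // accepted: own account, re-authenticated
```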
Impact
Remote attackers may change user data and gain access to PHP-Nuke user accounts.
Solution
The CERT/CC is currently unaware of a practical solution to this problem.
Acknowledgements
Thanks to venomous for reporting this vulnerability.
This document was written by Shawn Van Ittersum.
Other Information
CVE IDs: None
Severity Metric: 2.14
Date Public: 2001-03-02
Date First Published: 2002-09-24
Date Last Updated: 2003-11-05 21:48 UTC
Document Revision: 6