| VID | 21332 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description |
The Mensajeitor software, according to its version number, has a privilege escalation vulnerability. Mensajeitor versions 1.8.9 r1 and earlier could allow a remote attacker to impersonate a user from the administrative group and post messages to the Web site as if they were the administrator by providing a default value for the $AdminNick parameter. A remote attacker could also use this vulnerability to launch further attacks against the affected system, such as HTML and SQL injection attacks.
* Note: This check relies solely on the version of the remote Mensajeitor software to assess this vulnerability, so the result might be a false positive.
* References: http://www.securiteam.com/unixfocus/5UP0R0ADFW.html
* Platforms Affected: Mensajeitor 1.8.9 r1 and earlier; any operating system, any version |
| Recommendation |
No upgrade or patch available as of August 2004.
Upgrade to the latest version of Mensajeitor when a new fixed version (6.24 or later) becomes available from the Mensajeitor Web site at http://www.mensajeitor.com/ |
| Related URL | (CVE) |
| Related URL | 10774 (SecurityFocus) |
| Related URL | 16753 (ISS) |