CVE-2002-1427 - Vulnerability Details - OpenCVE

The print_html_to_file function in edit.cgi for Easy Homepage Creator 1.0 does not check user credentials, which allows remote attackers to modify home pages of other users.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Easy Scripts Archive	Advanced Easy Homepage Creator Easy Homepage Creator

Configuration 1 [-]

OR	cpe:2.3:a:easy_scripts_archive:advanced_easy_homepage_creator:1.0:::::::*
	cpe:2.3:a:easy_scripts_archive:easy_homepage_creator:1.0:::::::*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2002-07/0350.html
http://www.iss.net/security_center/static/9696.php
http://www.securityfocus.com/bid/5340

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2003-03-18T05:00:00

Updated: 2024-08-08T03:26:28.740Z

Reserved: 2003-02-05T00:00:00

Link: CVE-2002-1427

Vulnrichment

No data.

NVD

Status : Modified

Published: 2003-04-11T04:00:00.000

Modified: 2024-11-20T23:41:16.877

Link: CVE-2002-1427

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-07-27T00:00:00", "descriptions": [{"lang": "en", "value": "The print_html_to_file function in edit.cgi for Easy Homepage Creator 1.0 does not check user credentials, which allows remote attackers to modify home pages of other users."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2003-03-21T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "easy-homepage-gain-access(9696)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/9696.php"}, {"name": "5340", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/5340"}, {"name": "20020727 Easy Homepage Creator Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0350.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1427", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The print_html_to_file function in edit.cgi for Easy Homepage Creator 1.0 does not check user credentials, which allows remote attackers to modify home pages of other users."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "easy-homepage-gain-access(9696)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/9696.php"}, {"name": "5340", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5340"}, {"name": "20020727 Easy Homepage Creator Vulnerability", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0350.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T03:26:28.740Z"}, "title": "CVE Program Container", "references": [{"name": "easy-homepage-gain-access(9696)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "http://www.iss.net/security_center/static/9696.php"}, {"name": "5340", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/5340"}, {"name": "20020727 Easy Homepage Creator Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0350.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1427", "datePublished": "2003-03-18T05:00:00", "dateReserved": "2003-02-05T00:00:00", "dateUpdated": "2024-08-08T03:26:28.740Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:easy_scripts_archive:advanced_easy_homepage_creator:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "535FD4F3-23B3-400E-B609-2BC6BAF4A795", "vulnerable": true}, {"criteria": "cpe:2.3:a:easy_scripts_archive:easy_homepage_creator:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0E11B3D7-9C63-4CBF-B3D3-85A998AD4C6D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The print_html_to_file function in edit.cgi for Easy Homepage Creator 1.0 does not check user credentials, which allows remote attackers to modify home pages of other users."}, {"lang": "es", "value": "La funci\u00f3n print_html_to_file en edit.cgi de Easy Homepage Creator 1.0 no comprueba credenciales de usuaurio, lo que permite a atacantes remotos modificar p\u00e1ginas de otros usuarios."}], "id": "CVE-2002-1427", "lastModified": "2024-11-20T23:41:16.877", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2003-04-11T04:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0350.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.iss.net/security_center/static/9696.php"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/5340"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0350.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.iss.net/security_center/static/9696.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/5340"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}