NetRisk 1.9.7 does not properly restrict access to admin/change_submit.php, which allows remote attackers to change the password of arbitrary users via a direct request.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2009-09-02T17:00:00
Updated: 2024-08-07T11:56:14.313Z
Reserved: 2009-09-02T00:00:00
Link: CVE-2008-7155
Vulnrichment
No data.
NVD
Status : Modified
Published: 2009-09-02T17:30:00.377
Modified: 2017-08-17T01:29:51.457
Link: CVE-2008-7155
Redhat
No data.