_blogadata/include/init_pass2.php in Blogator-script 0.95 allows remote attackers to change the password for arbitrary users via a modified "a" parameter with a "%" wildcard symbol in the b parameter.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2009-03-16T16:00:00
Updated: 2018-10-11T19:57:01
Reserved: 2009-03-16T00:00:00
Link: CVE-2008-6473
JSON object: View
NVD Information
Status : Modified
Published: 2009-03-16T16:30:00.267
Modified: 2018-10-11T20:57:15.433
Link: CVE-2008-6473
JSON object: View
Redhat Information
No data.
CWE