CVE-2004-2733

Current Description

Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to (1) block arbitrary IP addresses via pop_up_ip_blocking.asp or (2) modify topics via pop_up_topic_admin.asp.

Basic Data

PublishedDecember 31, 2004
Last ModifiedJuly 29, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-264
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:N/C:N/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score5.8
SeverityMEDIUM
Exploitability Score8.6
Impact Score4.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationWebwizWeb Wiz Forums7.7a******

Vulnerable Software List

VendorProductVersions
Webwiz Web Wiz Forums 7.7

References

NameSourceURLTags
20040430 Critical bug in Web Wiz Forumhttp://archives.neohapsis.com/archives/fulldisclosure/2004-04/1119.htmlFULLDISC
11525http://secunia.com/advisories/11525SECUNIAVendor Advisory
1010012http://securitytracker.com/id?1010012SECTRACK
5750http://www.osvdb.org/5750OSVDB
5751http://www.osvdb.org/5751OSVDB
10255http://www.securityfocus.com/bid/10255BID
webwizforums-popuptopicadmin-modify(16030)https://exchange.xforce.ibmcloud.com/vulnerabilities/16030XF
webwizforums-unauth-ip-blocking(16031)https://exchange.xforce.ibmcloud.com/vulnerabilities/16031XF