Vulnerability in Archilles Newsworld
CVE-2005-3435
admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and specifying the hash in the pwd argument.
EPSS: 0.023 (81.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Archilles Newsworld
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_XF)
- cve@mitre.org (x_refsource_SECUNIA, Broken Link, Vendor Advisory, third-party-advisory)
- cve@mitre.org (mailing-list, x_refsource_BUGTRAQ, Mailing List)
Frequently asked questions
- What is CVE-2005-3435?
- CVE-2005-3435 is a critical-severity vulnerability in Archilles Newsworld, classified under Insufficiently Protected Credentials. CVSS score: 9.8/10. Published 2005-11-02.
- How severe is CVE-2005-3435?
- Critical severity. CVSS v3 base score is 9.8 out of 10.