Vulnerability in Archilles Newsworld

CVE-2005-3435

admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and specifying the hash in the pwd argument.

EPSS: 0.023 (81.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

  • cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_XF)
  • cve@mitre.org (x_refsource_SECUNIA, Broken Link, Vendor Advisory, third-party-advisory)
  • cve@mitre.org (mailing-list, x_refsource_BUGTRAQ, Mailing List)

Frequently asked questions

What is CVE-2005-3435?
CVE-2005-3435 is a critical-severity vulnerability in Archilles Newsworld, classified under Insufficiently Protected Credentials. CVSS score: 9.8/10. Published 2005-11-02.
How severe is CVE-2005-3435?
Critical severity. CVSS v3 base score is 9.8 out of 10.