Nukedit register.asp security bypass
| nukedit-register-security-bypass (26951) |  Medium Risk |
Description:
Nukedit could allow a remote attacker to bypass security and create new users in arbitrary groups caused by a vulnerability in the utilities/register.asp script. By sending a specially-crafted request using the "groupid' parameter a remote attacker could bypass security and create new users in arbitrary groups including the administrative group.
Consequences:
Gain Access
Remedy:
No remedy available as of February 6, 2010.
References:
- BugTraq Mailing List, Mon May 29 2006 - 14:09:53 CDT : [KAPDA::#46] - Nukedit Unauthorized Admin Add.
- Nukedit Web site: Start Menu - Free Content Management CMS.
- BID-18157: Nukedit Register.ASP Unauthorized Access Vulnerability
- CVE-2006-2737: utilities/register.asp in Nukedit 4.9.6 and earlier allows remote attackers to create new users as part of arbitrary groups, including the administrative group, via a modified groupid parameter when creating a user via the addDB action.
- SA20348: Nukedit "groupid" Parameter Administrator Register Vulnerability
- VUPEN/ADV-2006-2052: Nukedit groupid Variable Handling Administrative Account Creation Vulnerability
Platforms Affected:
- Nukedit Nukedit 4.9.6 and prior
Reported:
May 29, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net