NetRisk Security Bypass Vulnerability Network Vulnerability

Summary

This host is installed with NetRisk and is prone to security bypass vulnerability.

Impact

Successful exploitation will allow remote attackers to bypass security restrictions and change the password of arbitrary users via direct request. Impact Level: Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

The vulnerability is caused because the application does not properly restrict access to 'admin/change_submit.php'.

Affected

NetRisk version 1.9.7 and prior.

References

http://downloads.securityfocus.com/vulnerabilities/exploits/27150.pl
http://www.security-database.com/detail.php?alert=CVE-2008-7155
http://xforce.iss.net/xforce/xfdb/39465

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-7155

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

A-Blog 'sources/search.php' SQL Injection Vulnerability
AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
Atmail Multiple Unspecified Security Vulnerabilities.
ApPHP MicroBlog Remote Code Execution Vulnerability
AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability

Take action and discover your vulnerabilities