CVE-2000-0688

Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the subscribe.pl script with the setpwd parameter.

Published: Oct 20, 2000
Updated: Apr 13, 2023
CVE: CVE-2000-0688
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cgi_script_center / subscribe_me_lite	2.0	2.0.x

http://archives.neohapsis.com/archives/bugtraq/2000-08/0292.html
http://marc.info/?l=bugtraq&m=96722957421029&w=2
http://www.cgiscriptcenter.com/subscribe/
http://www.securityfocus.com/bid/1607

Vulnerability Database

290,020

CVE-2000-0688