CVE-2003-0588

{"id": "CVE-2003-0588", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-08-18T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=105839007002993&w=2", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "admin.php in Digi-news 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password."}, {"lang": "es", "value": "admin.php en Digi-news 1.1 permite a atacantes remotos saltarse la autenticaci\u00f3n mediante una galletita (cookie) con el nombre de usuario establecido al nombre del administrador, lo que satisface una condici\u00f3n inapropiada en admin.php de no requerir una contrase\u00f1a correcta."}], "lastModified": "2016-10-18T02:35:40.410", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:digi-fx:digi-news:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AA0F0FD-5139-4399-9659-A0E5C32AFA12"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}