CVE-2008-6774

{"id": "CVE-2008-6774", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-04-29T18:30:00.313", "references": [{"url": "http://secunia.com/advisories/33272", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47566", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/33272", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47566", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "internettoolbar/edit.php in YourPlace 1.0.2 and earlier does not end execution when an invalid username is detected, which allows remote attackers to bypass intended restrictions and edit toolbar settings via an invalid username. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."}, {"lang": "es", "value": "internettoolbar/edit.php en YourPlace v1.0.2 y anteriores no termina la ejecuci\u00f3n cuando un usuario no v\u00e1lido es detectado, lo cual permite a atacantes remotos eludir las restricciones y editar la configuraci\u00f3n de la barra de herramientas a trav\u00e9s de un nombre de usuario no v\u00e1lido. NOTA: la procedencia de esta informaci\u00f3n es desconocida, los detalles son obtenidos exclusivamente de la informaci\u00f3n de terceros."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:peterselie:yourplace:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "856DD089-E3A0-408A-8C9F-0A587D0AE7E3", "versionEndIncluding": "1.0.2"}, {"criteria": "cpe:2.3:a:peterselie:yourplace:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77583454-EBFD-451B-9632-3503B1F45D84"}, {"criteria": "cpe:2.3:a:peterselie:yourplace:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE0839B7-9337-425E-AEA3-3F802D3BBDD9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}