CVE-2008-3303 - Vulnerability Details - OpenCVE

admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tuxplanet	Bilboblog

Configuration 1 [-]

cpe:2.3:a:tuxplanet:bilboblog:0.2.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/31054
http://securityreason.com/securityalert/4036
http://www.securityfocus.com/bid/30225
https://exchange.xforce.ibmcloud.com/vulnerabilities/43762
https://www.exploit-db.com/exploits/6073

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-07-25T13:18:00

Updated: 2024-08-07T09:37:25.546Z

Reserved: 2008-07-25T00:00:00

Link: CVE-2008-3303

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-07-25T13:41:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-3303

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-07-17T00:00:00", "descriptions": [{"lang": "en", "value": "admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "31054", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31054"}, {"name": "6073", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/6073"}, {"name": "30225", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/30225"}, {"name": "bilboblog-login-auth-bypass(43762)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43762"}, {"name": "4036", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4036"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3303", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "31054", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31054"}, {"name": "6073", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6073"}, {"name": "30225", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30225"}, {"name": "bilboblog-login-auth-bypass(43762)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43762"}, {"name": "4036", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4036"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:37:25.546Z"}, "title": "CVE Program Container", "references": [{"name": "31054", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31054"}, {"name": "6073", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/6073"}, {"name": "30225", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/30225"}, {"name": "bilboblog-login-auth-bypass(43762)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43762"}, {"name": "4036", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/4036"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3303", "datePublished": "2008-07-25T13:18:00", "dateReserved": "2008-07-25T00:00:00", "dateUpdated": "2024-08-07T09:37:25.546Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tuxplanet:bilboblog:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "97429690-9059-4389-8CCB-5FE652B70282", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters."}, {"lang": "es", "value": "admin/login.php en BilboBlog 0.2.1, cuando register_globals est\u00e1 habilitado, permite a atacantes remotos evitar la autenticaci\u00f3n y obtener acceso como administrador mediante una solicitud directa que indique los par\u00e1metros login, admin_login, password y admin_passwd."}], "id": "CVE-2008-3303", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-07-25T13:41:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31054"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4036"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/30225"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43762"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6073"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31054"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4036"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/30225"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43762"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6073"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}