Vulnerability Details CVE-2002-2175
phpSquidPass before 0.2 uses an incomplete regular expression to find a matching username in its database, which allows remote authenticated attackers to effectively delete other usernames via a short username that matches the end of the targeted username.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.5%
CVSS Severity
CVSS v2 Score 4.0
References
- http://marc.info/?l=bugtraq&m=102508071021631&w=2
- http://sourceforge.net/forum/forum.php?forum_id=188359
- http://www.iss.net/security_center/static/9417.php
- http://www.securityfocus.com/bid/5090
- http://marc.info/?l=bugtraq&m=102508071021631&w=2
- http://sourceforge.net/forum/forum.php?forum_id=188359
- http://www.iss.net/security_center/static/9417.php
- http://www.securityfocus.com/bid/5090
Products affected by CVE-2002-2175
-
cpe:2.3:a:php:phpsquidpass:-