CVE-2008-4616

EPSS 4%
Veröffentlicht 20.10.2008 18:14:04
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Spambam <= 2.1 - Authorization Bypass

The SpamBam plugin for WordPress allows remote attackers to bypass restrictions and add blog comments by using server-supplied values to calculate a shared key.

Mögliche Gegenmaßnahme

SpamBam: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt SpamBam

Version * - 2.1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

The Spanner ≫ Spambam Plugin

Wordpress ≫ Spambam Plugin

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4%	0.88

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://securityreason.com/securityalert/4438

http://www.securityfocus.com/archive/1/486333/100/200/threaded

http://www.securityfocus.com/bid/27291

https://exchange.xforce.ibmcloud.com/vulnerabilities/39690

https://www.wordfence.com/threat-intel/vulnerabilities/id/835b254a-9135-4b9d-8607-7122304601bc

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2008-4616

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-4616

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-4616

EUVD