VRDA Feed : Provides information for vulnerability impact analysis

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

VRDA-091117-001

XOOPS Profiles Activation Security Bypass Vulnerability

http://www.xoops.org/modules/newbb/viewtopic.php?post_id=319132

The problem is that any user not activated may request and receive their activation code via email by using the activation resend function. For those sites that require administrative approval, this is a bypass of the approval process and the administrator isn't even notified it occurred.

About This Analysis Information

Analysis Information Provider:

JPCERT/CC

First Published:

2009-11-17

Source Information Category:

Advisory, Alert

Last Updated:

2009-11-17

Affected Product Tags

lapt:/a:xoops:xoops (XOOPS)

Vulnerability Analysis Results

[Information Source Reliability]^[?]

Low^[?]

Medium^[?]

High^[?]

[Impact Level]^[?]

Low^[?]

Low-Medium^[?]

Medium-High^[?]

High^[?]

[Access Required]^[?]

Physical^[?]

Local^[?]

Non-routed^[?]

Routed^[?]

[Authentication]^[?]

Privileged^[?]

Standard^[?]

Limited^[?]

None or Unnecessary^[?]

[User Interaction Required]^[?]

Complex^[?]

Simple^[?]

None^[?]

[Technical Difficulty]^[?]

High^[?]

Medium-High^[?]

Low-Medium^[?]

Low^[?]

[Availability of Remediation]^[?]

Official Patch^[?]

Official Workaround^[?]

Unofficial Patch^[?]

None^[?]

[Incident Activity]^[?]

None^[?]

Exploit or PoC^[?]

Activity Observed^[?]

Alternatives

References