CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CVE-2017-20063 (GCVE-0-2017-20063)
Vulnerability from cvelistv5 – Published: 2022-06-20 04:50 – Updated: 2025-04-15 14:19
VLAI
Title
Elefant CMS File Upload drop privileges management
Summary
A vulnerability was found in Elefant CMS 1.3.12-RC. It has been classified as critical. Affected is an unknown function of the file /filemanager/upload/drop of the component File Upload. The manipulation leads to improper privilege management. It is possible to launch the attack remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.
Severity
6.3 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2017/Feb/39 | x_refsource_MISC |
| https://vuldb.com/?id.97260 | x_refsource_MISC |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:25.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Feb/39"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.97260"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20063",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:10:29.626891Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:19:12.837Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CMS",
"vendor": "Elefant",
"versions": [
{
"status": "affected",
"version": "1.3.12-RC"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tim Coen"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Elefant CMS 1.3.12-RC. It has been classified as critical. Affected is an unknown function of the file /filemanager/upload/drop of the component File Upload. The manipulation leads to improper privilege management. It is possible to launch the attack remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-20T04:50:34.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Feb/39"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.97260"
}
],
"title": "Elefant CMS File Upload drop privileges management",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2017-20063",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Elefant CMS File Upload drop privileges management"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CMS",
"version": {
"version_data": [
{
"version_value": "1.3.12-RC"
}
]
}
}
]
},
"vendor_name": "Elefant"
}
]
}
},
"credit": "Tim Coen",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Elefant CMS 1.3.12-RC. It has been classified as critical. Affected is an unknown function of the file /filemanager/upload/drop of the component File Upload. The manipulation leads to improper privilege management. It is possible to launch the attack remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Feb/39",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Feb/39"
},
{
"name": "https://vuldb.com/?id.97260",
"refsource": "MISC",
"url": "https://vuldb.com/?id.97260"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20063",
"datePublished": "2022-06-20T04:50:34.000Z",
"dateReserved": "2022-06-18T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:19:12.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-20068 (GCVE-0-2017-20068)
Vulnerability from cvelistv5 – Published: 2022-06-21 06:05 – Updated: 2025-04-15 14:18
VLAI
Title
Hindu Matrimonial Script usermanagement.php privileges management
Summary
A vulnerability was found in Hindu Matrimonial Script. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/usermanagement.php. The manipulation leads to improper privilege management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
6.3 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/41044/ | x_refsource_MISC |
| https://vuldb.com/?id.95408 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unspecified | Hindu Matrimonial Script |
Affected:
n/a
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:25.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41044/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.95408"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20068",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:10:15.733401Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:18:21.329Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hindu Matrimonial Script",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ihsan Sencan"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Hindu Matrimonial Script. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/usermanagement.php. The manipulation leads to improper privilege management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-21T06:05:41.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/41044/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.95408"
}
],
"title": "Hindu Matrimonial Script usermanagement.php privileges management",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2017-20068",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Hindu Matrimonial Script usermanagement.php privileges management"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hindu Matrimonial Script",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": ""
}
]
}
},
"credit": "Ihsan Sencan",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Hindu Matrimonial Script. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/usermanagement.php. The manipulation leads to improper privilege management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.exploit-db.com/exploits/41044/",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/41044/"
},
{
"name": "https://vuldb.com/?id.95408",
"refsource": "MISC",
"url": "https://vuldb.com/?id.95408"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20068",
"datePublished": "2022-06-21T06:05:42.000Z",
"dateReserved": "2022-06-18T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:18:21.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-20069 (GCVE-0-2017-20069)
Vulnerability from cvelistv5 – Published: 2022-06-21 06:05 – Updated: 2025-04-15 14:18
VLAI
Title
Hindu Matrimonial Script countrymanagement.php privileges management
Summary
A vulnerability classified as critical has been found in Hindu Matrimonial Script. This affects an unknown part of the file /admin/countrymanagement.php. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity
6.3 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/41044/ | x_refsource_MISC |
| https://vuldb.com/?id.95409 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unspecified | Hindu Matrimonial Script |
Affected:
n/a
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:25.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41044/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.95409"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20069",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:10:10.341522Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:18:10.809Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hindu Matrimonial Script",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ihsan Sencan"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Hindu Matrimonial Script. This affects an unknown part of the file /admin/countrymanagement.php. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-21T06:05:43.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/41044/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.95409"
}
],
"title": "Hindu Matrimonial Script countrymanagement.php privileges management",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2017-20069",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Hindu Matrimonial Script countrymanagement.php privileges management"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hindu Matrimonial Script",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": ""
}
]
}
},
"credit": "Ihsan Sencan",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical has been found in Hindu Matrimonial Script. This affects an unknown part of the file /admin/countrymanagement.php. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.exploit-db.com/exploits/41044/",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/41044/"
},
{
"name": "https://vuldb.com/?id.95409",
"refsource": "MISC",
"url": "https://vuldb.com/?id.95409"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20069",
"datePublished": "2022-06-21T06:05:43.000Z",
"dateReserved": "2022-06-18T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:18:10.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-20070 (GCVE-0-2017-20070)
Vulnerability from cvelistv5 – Published: 2022-06-21 06:05 – Updated: 2025-04-15 14:17
VLAI
Title
Hindu Matrimonial Script communitymanagement.php privileges management
Summary
A vulnerability classified as critical was found in Hindu Matrimonial Script. This vulnerability affects unknown code of the file /admin/communitymanagement.php. The manipulation leads to improper privilege management. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
6.3 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/41044/ | x_refsource_MISC |
| https://vuldb.com/?id.95410 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unspecified | Hindu Matrimonial Script |
Affected:
n/a
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:24.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41044/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.95410"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20070",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:10:06.335306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:17:59.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hindu Matrimonial Script",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ihsan Sencan"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Hindu Matrimonial Script. This vulnerability affects unknown code of the file /admin/communitymanagement.php. The manipulation leads to improper privilege management. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-21T06:05:45.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/41044/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.95410"
}
],
"title": "Hindu Matrimonial Script communitymanagement.php privileges management",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2017-20070",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Hindu Matrimonial Script communitymanagement.php privileges management"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hindu Matrimonial Script",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": ""
}
]
}
},
"credit": "Ihsan Sencan",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical was found in Hindu Matrimonial Script. This vulnerability affects unknown code of the file /admin/communitymanagement.php. The manipulation leads to improper privilege management. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.exploit-db.com/exploits/41044/",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/41044/"
},
{
"name": "https://vuldb.com/?id.95410",
"refsource": "MISC",
"url": "https://vuldb.com/?id.95410"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20070",
"datePublished": "2022-06-21T06:05:45.000Z",
"dateReserved": "2022-06-18T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:17:59.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-20071 (GCVE-0-2017-20071)
Vulnerability from cvelistv5 – Published: 2022-06-21 06:05 – Updated: 2025-04-15 14:17
VLAI
Title
Hindu Matrimonial Script renewaldue.php privileges management
Summary
A vulnerability, which was classified as critical, has been found in Hindu Matrimonial Script. This issue affects some unknown processing of the file /admin/renewaldue.php. The manipulation leads to improper privilege management. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
6.3 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/41044/ | x_refsource_MISC |
| https://vuldb.com/?id.95411 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unspecified | Hindu Matrimonial Script |
Affected:
n/a
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:25.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41044/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.95411"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20071",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:10:02.402749Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:17:47.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hindu Matrimonial Script",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ihsan Sencan"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Hindu Matrimonial Script. This issue affects some unknown processing of the file /admin/renewaldue.php. The manipulation leads to improper privilege management. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-21T06:05:47.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/41044/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.95411"
}
],
"title": "Hindu Matrimonial Script renewaldue.php privileges management",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2017-20071",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Hindu Matrimonial Script renewaldue.php privileges management"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hindu Matrimonial Script",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": ""
}
]
}
},
"credit": "Ihsan Sencan",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as critical, has been found in Hindu Matrimonial Script. This issue affects some unknown processing of the file /admin/renewaldue.php. The manipulation leads to improper privilege management. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.exploit-db.com/exploits/41044/",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/41044/"
},
{
"name": "https://vuldb.com/?id.95411",
"refsource": "MISC",
"url": "https://vuldb.com/?id.95411"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20071",
"datePublished": "2022-06-21T06:05:47.000Z",
"dateReserved": "2022-06-18T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:17:47.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-20072 (GCVE-0-2017-20072)
Vulnerability from cvelistv5 – Published: 2022-06-21 06:05 – Updated: 2025-04-15 14:17
VLAI
Title
Hindu Matrimonial Script generalsettings.php privileges management
Summary
A vulnerability, which was classified as critical, was found in Hindu Matrimonial Script. Affected is an unknown function of the file /admin/generalsettings.php. The manipulation leads to improper privilege management. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity
6.3 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/41044/ | x_refsource_MISC |
| https://vuldb.com/?id.95412 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unspecified | Hindu Matrimonial Script |
Affected:
n/a
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:25.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41044/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.95412"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20072",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:09:57.734179Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:17:34.948Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hindu Matrimonial Script",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ihsan Sencan"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Hindu Matrimonial Script. Affected is an unknown function of the file /admin/generalsettings.php. The manipulation leads to improper privilege management. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-21T06:05:49.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/41044/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.95412"
}
],
"title": "Hindu Matrimonial Script generalsettings.php privileges management",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2017-20072",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Hindu Matrimonial Script generalsettings.php privileges management"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hindu Matrimonial Script",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": ""
}
]
}
},
"credit": "Ihsan Sencan",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as critical, was found in Hindu Matrimonial Script. Affected is an unknown function of the file /admin/generalsettings.php. The manipulation leads to improper privilege management. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.exploit-db.com/exploits/41044/",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/41044/"
},
{
"name": "https://vuldb.com/?id.95412",
"refsource": "MISC",
"url": "https://vuldb.com/?id.95412"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20072",
"datePublished": "2022-06-21T06:05:49.000Z",
"dateReserved": "2022-06-18T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:17:34.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-20073 (GCVE-0-2017-20073)
Vulnerability from cvelistv5 – Published: 2022-06-21 06:05 – Updated: 2025-04-15 14:17
VLAI
Title
Hindu Matrimonial Script cms.php privileges management
Summary
A vulnerability has been found in Hindu Matrimonial Script and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/cms.php. The manipulation leads to improper privilege management. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
6.3 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/41044/ | x_refsource_MISC |
| https://vuldb.com/?id.95413 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unspecified | Hindu Matrimonial Script |
Affected:
n/a
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:25.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41044/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.95413"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20073",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:09:53.120649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:17:23.805Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hindu Matrimonial Script",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ihsan Sencan"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Hindu Matrimonial Script and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/cms.php. The manipulation leads to improper privilege management. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-21T06:05:51.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/41044/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.95413"
}
],
"title": "Hindu Matrimonial Script cms.php privileges management",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2017-20073",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Hindu Matrimonial Script cms.php privileges management"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hindu Matrimonial Script",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": ""
}
]
}
},
"credit": "Ihsan Sencan",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in Hindu Matrimonial Script and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/cms.php. The manipulation leads to improper privilege management. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.exploit-db.com/exploits/41044/",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/41044/"
},
{
"name": "https://vuldb.com/?id.95413",
"refsource": "MISC",
"url": "https://vuldb.com/?id.95413"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20073",
"datePublished": "2022-06-21T06:05:51.000Z",
"dateReserved": "2022-06-18T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:17:23.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-20074 (GCVE-0-2017-20074)
Vulnerability from cvelistv5 – Published: 2022-06-21 06:05 – Updated: 2025-04-15 14:17
VLAI
Title
Hindu Matrimonial Script newsletter1.php privileges management
Summary
A vulnerability was found in Hindu Matrimonial Script and classified as critical. Affected by this issue is some unknown functionality of the file /admin/newsletter1.php. The manipulation leads to improper privilege management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
6.3 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/41044/ | x_refsource_MISC |
| https://vuldb.com/?id.95414 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unspecified | Hindu Matrimonial Script |
Affected:
n/a
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:25.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41044/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.95414"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20074",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:09:47.239899Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:17:13.745Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hindu Matrimonial Script",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ihsan Sencan"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Hindu Matrimonial Script and classified as critical. Affected by this issue is some unknown functionality of the file /admin/newsletter1.php. The manipulation leads to improper privilege management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-21T06:05:52.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/41044/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.95414"
}
],
"title": "Hindu Matrimonial Script newsletter1.php privileges management",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2017-20074",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Hindu Matrimonial Script newsletter1.php privileges management"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hindu Matrimonial Script",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": ""
}
]
}
},
"credit": "Ihsan Sencan",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Hindu Matrimonial Script and classified as critical. Affected by this issue is some unknown functionality of the file /admin/newsletter1.php. The manipulation leads to improper privilege management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.exploit-db.com/exploits/41044/",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/41044/"
},
{
"name": "https://vuldb.com/?id.95414",
"refsource": "MISC",
"url": "https://vuldb.com/?id.95414"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20074",
"datePublished": "2022-06-21T06:05:53.000Z",
"dateReserved": "2022-06-18T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:17:13.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-20075 (GCVE-0-2017-20075)
Vulnerability from cvelistv5 – Published: 2022-06-21 06:05 – Updated: 2025-04-15 14:17
VLAI
Title
Hindu Matrimonial Script payment.php privileges management
Summary
A vulnerability was found in Hindu Matrimonial Script. It has been classified as critical. This affects an unknown part of the file /admin/payment.php. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity
6.3 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/41044/ | x_refsource_MISC |
| https://vuldb.com/?id.95415 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unspecified | Hindu Matrimonial Script |
Affected:
n/a
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:25.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41044/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.95415"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20075",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:09:43.422136Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:17:02.523Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hindu Matrimonial Script",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ihsan Sencan"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Hindu Matrimonial Script. It has been classified as critical. This affects an unknown part of the file /admin/payment.php. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-21T06:05:55.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/41044/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.95415"
}
],
"title": "Hindu Matrimonial Script payment.php privileges management",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2017-20075",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Hindu Matrimonial Script payment.php privileges management"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hindu Matrimonial Script",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": ""
}
]
}
},
"credit": "Ihsan Sencan",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Hindu Matrimonial Script. It has been classified as critical. This affects an unknown part of the file /admin/payment.php. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.exploit-db.com/exploits/41044/",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/41044/"
},
{
"name": "https://vuldb.com/?id.95415",
"refsource": "MISC",
"url": "https://vuldb.com/?id.95415"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20075",
"datePublished": "2022-06-21T06:05:55.000Z",
"dateReserved": "2022-06-18T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:17:02.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-20076 (GCVE-0-2017-20076)
Vulnerability from cvelistv5 – Published: 2022-06-21 06:05 – Updated: 2025-04-15 14:16
VLAI
Title
Hindu Matrimonial Script searchview.php privileges management
Summary
A vulnerability was found in Hindu Matrimonial Script. It has been declared as critical. This vulnerability affects unknown code of the file /admin/searchview.php. The manipulation leads to improper privilege management. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
6.3 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/41044/ | x_refsource_MISC |
| https://vuldb.com/?id.95416 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unspecified | Hindu Matrimonial Script |
Affected:
n/a
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:25.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41044/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.95416"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20076",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:09:40.176320Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:16:53.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hindu Matrimonial Script",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ihsan Sencan"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Hindu Matrimonial Script. It has been declared as critical. This vulnerability affects unknown code of the file /admin/searchview.php. The manipulation leads to improper privilege management. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-21T06:05:56.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/41044/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.95416"
}
],
"title": "Hindu Matrimonial Script searchview.php privileges management",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2017-20076",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Hindu Matrimonial Script searchview.php privileges management"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hindu Matrimonial Script",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": ""
}
]
}
},
"credit": "Ihsan Sencan",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Hindu Matrimonial Script. It has been declared as critical. This vulnerability affects unknown code of the file /admin/searchview.php. The manipulation leads to improper privilege management. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.exploit-db.com/exploits/41044/",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/41044/"
},
{
"name": "https://vuldb.com/?id.95416",
"refsource": "MISC",
"url": "https://vuldb.com/?id.95416"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20076",
"datePublished": "2022-06-21T06:05:56.000Z",
"dateReserved": "2022-06-18T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:16:53.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-1
Phases: Architecture and Design, Operation
Description:
- Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation ID: MIT-48
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Follow the principle of least privilege when assigning access rights to entities in a software system.
Mitigation ID: MIT-49
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
CAPEC-122: Privilege Abuse
An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.
CAPEC-233: Privilege Escalation
An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
CAPEC-58: Restful Privilege Elevation
An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.