CVE-2000-0944

high-risk

Published 2000-12-19

CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password.

Do I need to act?

10.7% chance of exploitation in next 30 days

EPSS score — higher than 89% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

179

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (1)

Script Center News Update

Affected Vendors

Cgi

References (6)

Broken Link http://archives.neohapsis.com/archives/bugtraq/2000-10/0402.html

Broken Link http://www.securityfocus.com/bid/1881

Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/5433

Broken Link http://archives.neohapsis.com/archives/bugtraq/2000-10/0402.html

Broken Link http://www.securityfocus.com/bid/1881

Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/5433

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 18/34 · Moderate

Exposure 5/34 · Minimal