CVE-2014-3006
Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when upgraded from an earlier version, does not properly restrict access, which allows remote attackers to change the manager account password and obtain sensitive information via a request to install/.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0055 (0.5%)
Percentil: 68.0%
EPSS: 2026-05-06
Afecta
sitepark:information_enterprise_serverDescripción técnica
Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when upgraded from an earlier version, does not properly restrict access, which allows remote attackers to change the manager account password and obtain sensitive information via a request to install/.
Publicada: 2/5/2014, 14:55:07
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://seclists.org/fulldisclosure/2014/Apr/317
- http://www.securityfocus.com/archive/1/531986/100/0/threaded
- http://www.securityfocus.com/bid/67165
- https://www.lsexperts.de/advisories/lse-2014-04-10.txt
- http://seclists.org/fulldisclosure/2014/Apr/317
- http://www.securityfocus.com/archive/1/531986/100/0/threaded
- http://www.securityfocus.com/bid/67165
- https://www.lsexperts.de/advisories/lse-2014-04-10.txt