CVE-2008-2348 - Vulnerability Details - OpenCVE

MeltingIce File System 1.0 allows remote attackers to bypass application authentication, create new user accounts, and exceed application quotas via a direct request to admin/adduser.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Meltingicefs	Meltingice File System

Configuration 1 [-]

cpe:2.3:a:meltingicefs:meltingice_file_system:1.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/29271
https://exchange.xforce.ibmcloud.com/vulnerabilities/42503
https://www.exploit-db.com/exploits/5648

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-05-20T10:00:00

Updated: 2024-08-07T08:58:02.391Z

Reserved: 2008-05-20T00:00:00

Link: CVE-2008-2348

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-05-20T17:20:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-2348

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-05-18T00:00:00", "descriptions": [{"lang": "en", "value": "MeltingIce File System 1.0 allows remote attackers to bypass application authentication, create new user accounts, and exceed application quotas via a direct request to admin/adduser.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "5648", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/5648"}, {"name": "29271", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29271"}, {"name": "meltingice-adduser-security-bypass(42503)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42503"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2008-2348", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "MeltingIce File System 1.0 allows remote attackers to bypass application authentication, create new user accounts, and exceed application quotas via a direct request to admin/adduser.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "5648", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/5648"}, {"name": "29271", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29271"}, {"name": "meltingice-adduser-security-bypass(42503)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42503"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:58:02.391Z"}, "title": "CVE Program Container", "references": [{"name": "5648", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/5648"}, {"name": "29271", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/29271"}, {"name": "meltingice-adduser-security-bypass(42503)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42503"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2348", "datePublished": "2008-05-20T10:00:00", "dateReserved": "2008-05-20T00:00:00", "dateUpdated": "2024-08-07T08:58:02.391Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:meltingicefs:meltingice_file_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2B65497F-1EA9-496F-9CB2-B186599D8F9F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "MeltingIce File System 1.0 allows remote attackers to bypass application authentication, create new user accounts, and exceed application quotas via a direct request to admin/adduser.php."}, {"lang": "es", "value": "MeltingIce File System 1.0 permite a atacantes remotos evitar la autenticaci\u00f3n de la aplicaci\u00f3n, crear nuevas cuentas de usuario y sobrepasar los l\u00edmites de la aplicaci\u00f3n mediante una petici\u00f3n directa a admin/adduser.php."}], "id": "CVE-2008-2348", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-05-20T17:20:00.000", "references": [{"source": "[email protected]", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/29271"}, {"source": "[email protected]", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42503"}, {"source": "[email protected]", "url": "https://www.exploit-db.com/exploits/5648"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/29271"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42503"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/5648"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "[email protected]", "type": "Primary"}]}