CVE-2008-6772

Published: Apr 29, 2009Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

login/register_form.php in YourPlace 1.0.2 and earlier does not check that a username already exists when a new account is created, which allows remote attackers to bypass intended access restrictions by registering a new account with the username of a target user.

Affected (3)

Products: Peterselie: Yourplace

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Peterselie Yourplace	Up to 1.0.2
Peterselie Yourplace	Version 1.0.1
Peterselie Yourplace	Version 1.0

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

http://secunia.com/advisories/33272

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/32971

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/47564

Source: cve@mitre.org

https://www.exploit-db.com/exploits/7545

Source: cve@mitre.org

http://secunia.com/advisories/33272

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/32971

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/47564

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/7545

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.