CVE-2008-5708

high

Description

redirect.php in SlimCMS 1.0.0 does not require authentication, which allows remote attackers to create administrative users by using the newusername and newpassword parameters and setting the newisadmin parameter to 1.

References

https://www.exploit-db.com/exploits/6729

https://exchange.xforce.ibmcloud.com/vulnerabilities/45824

http://www.securityfocus.com/bid/31736

http://securityreason.com/securityalert/4804

Details

Source: Mitre, NVD

Published: 2008-12-24

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High

EPSS

EPSS: 0.01823