CVE-2000-0688

Subscribe Me LITE - Privilege Escalation

Title source: llm

Description

Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the subscribe.pl script with the setpwd parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by n30 · htmlremotecgi

https://www.exploit-db.com/exploits/20177

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by teleh0r · perlremotecgi

https://www.exploit-db.com/exploits/20176

View Code ZIP pw:eip

References (4)

[Various Sources] http://www.cgiscriptcenter.com/subscribe/

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/1607

[Exploit, Vendor Advisory] http://archives.neohapsis.com/archives/bugtraq/2000-08/0292.html

[Mailing List] http://marc.info/?l=bugtraq&m=96722957421029&w=2

Scores

EPSS 0.0678

EPSS Percentile 91.3%

Details

Status published

Products (1)

cgi_script_center/subscribe_me_lite 2.0

Published Oct 20, 2000

Tracked Since Feb 18, 2026