CVE DATABASE / CVE-2005-3435
CVE-2005-3435
CVSS 9.8 · CRITICAL
Summary
admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and specifying the hash in the pwd argument.
CVSS 3.1 breakdown
| Base score | 9.8 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Archilles newsworld
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://marc.info/?l=bugtraq&m=113018731120709&w=2
- http://secunia.com/advisories/17310/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22860
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.