CVE-2016-2296 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2016-2296

CWE

https://cwe.mitre.org/data/definitions/254.html

Meteocontrol WEBlog Basic 100, Light, Pro, and Pro Unlimited does not require authentication for post-admin login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.

Affected Software

Name	Vendor	Start Version	End Version
Web’log_basic_100	Meteocontrol	- (including)	- (including)
Web’log_light	Meteocontrol	- (including)	- (including)
Web’log_pro	Meteocontrol	- (including)	- (including)
Web’log_pro_unlimited	Meteocontrol	- (including)	- (including)

References

http://seclists.org/fulldisclosure/2016/May/52
https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01
https://www.exploit-db.com/exploits/39822/