Description
Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a callback parameter containing an escaped URL that specifies the action.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:ledgersmb:ledgersmb:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ledgersmb:ledgersmb:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ledgersmb:ledgersmb:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ledgersmb:ledgersmb:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ledgersmb:ledgersmb:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:ledgersmb:ledgersmb:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:ledgersmb:ledgersmb:1.2.6:*:*:*:*:*:*:*
EPSS
Percentile: 82%
0.01813
Low
10 Critical
CVSS2
Weaknesses
NVD-CWE-noinfo
Related vulnerabilities
github
almost 4 years ago
Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a callback parameter containing an escaped URL that specifies the action.