CVE-2007-4416

Опубликовано: 18 авг. 2007

Источник: nvd

CVSS2: 10

EPSS Низкий

Описание

captcha.php in BellaBook (aka BellaBuffs) allows remote attackers to obtain administrative privileges by sending the admin's username (admin_name) in a pheap_login cookie. NOTE: the vendor disputes this vulnerability because authentication data is derived from the admin_pass and secret variables, in addition to the admin_name; and because the exploit code is designed for an unrelated application

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jemjabella:bellabook:*:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.0176

Низкий

10 Critical

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-25fg-g2mr-9f28

github

почти 4 года назад

** DISPUTED ** captcha.php in BellaBook (aka BellaBuffs) allows remote attackers to obtain administrative privileges by sending the admin's username (admin_name) in a pheap_login cookie. NOTE: the vendor disputes this vulnerability because authentication data is derived from the admin_pass and secret variables, in addition to the admin_name; and because the exploit code is designed for an unrelated application.