CyberSec.Space Logo
Back to CVE Browser

CVE-2007-4416

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1760%
EPSS Percentile31.78th
PublishedAug 18, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

captcha.php in BellaBook (aka BellaBuffs) allows remote attackers to obtain administrative privileges by sending the admin's username (admin_name) in a pheap_login cookie. NOTE: the vendor disputes this vulnerability because authentication data is derived from the admin_pass and secret variables, in addition to the admin_name; and because the exploit code is designed for an unrelated application

Affected Platforms (CPE)

πŸ“¦
Jemjabella

Bellabook

All versions

References & Advisories

πŸ”— http://osvdb.org/42506
πŸ”— http://www.securityfocus.com/archive/1/475153/100/200/threaded
πŸ”— http://www.securityfocus.com/archive/1/475259/100/200/threaded
πŸ”— http://osvdb.org/42506
πŸ”— http://www.securityfocus.com/archive/1/475153/100/200/threaded
πŸ”— http://www.securityfocus.com/archive/1/475259/100/200/threaded

Related Vulnerabilities

CVE-2007-020310.0

Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.

CVE-2007-020110.0

Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet Firewall Toolkit (FWTK) allows remote attackers to execute arbit...

CVE-2007-350010.0

Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.

CVE-2007-086310.0

PHP remote file inclusion vulnerability in Trevorchan 0.7 and earlier allows remote attackers to execute arbitrary code via the tc...