CyberSec.Space Logo
Back to CVE Browser

CVE-2007-6234

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0330%
EPSS Percentile33.65th
PublishedDec 4, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

index.php in FTP Admin 0.1.0 allows remote attackers to bypass authentication and obtain administrative access via a loggedin parameter with a value of true, as demonstrated by adding a user account.

Affected Platforms (CPE)

πŸ“¦
Ftp Admin

Ftp Admin

= 0.1.0

References & Advisories

πŸ”— http://secunia.com/advisories/27875
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/38782
πŸ”— https://www.exploit-db.com/exploits/4681
πŸ”— http://secunia.com/advisories/27875
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/38782
πŸ”— https://www.exploit-db.com/exploits/4681

Related Vulnerabilities

CVE-2018-174409.8

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default ...

CVE-2013-26459.3

Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow...

CVE-2017-68038.8

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) F...

CVE-2020-94707.8

An issue was discovered in Wing FTP Server 6.2.5 before February 2020. Due to insecure permissions when handling session cookies, ...