CyberSec.Space Logo
Back to CVE Browser

CVE-2007-2713

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0460%
EPSS Percentile36.72th
PublishedMay 16, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

ifdate 2.x sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request for the admin/ URI.

Affected Platforms (CPE)

πŸ“¦
Ifusionservices

Ifdate

= 2.0
πŸ“¦
Ifusionservices

Ifdate

= 2.0.3

References & Advisories

πŸ”— http://osvdb.org/36173
πŸ”— http://secunia.com/advisories/25237
πŸ”— http://securityreason.com/securityalert/2707
πŸ”— http://www.expw0rm.com/ifdate-2-unauthorized-administrative-access-bug_no285.html
πŸ”— http://www.securityfocus.com/archive/1/468545/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/23971
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/34257
πŸ”— http://osvdb.org/36173

Related Vulnerabilities

CVE-2008-71146.8

SQL injection vulnerability in members_search.php in iFusion Services iFdate 2.0.3 and earlier allows remote attackers to execute ...

CVE-2006-26645.8

Cross-site scripting (XSS) vulnerability in iFdate 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) ...

CVE-2007-350010.0

Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.

CVE-2007-182210.0

Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailbo...