Back to CVE Browser

CVE-2007-3647

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0530%

EPSS Percentile26.61th

PublishedJul 10, 2007

Last ModifiedApr 23, 2026

Vulnerability Description

The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the username cookie to "traffic." NOTE: some of these details are obtained from third party information.

Affected Platforms (CPE)

📦

Zoneo Soft

Phptraffica

= 1.4

📦

Zoneo Soft

Phptraffica

= 1.4.2

📦

Zoneo Soft

Phptraffica

= 1.4.3

References & Advisories

🔗 http://corryl.altervista.org/index.php?mod=read&id=1183748959

🔗 http://osvdb.org/37477

🔗 http://secunia.com/advisories/25976

🔗 http://securityreason.com/securityalert/2870

🔗 http://www.securityfocus.com/archive/1/473041/100/0/threaded

🔗 http://www.securityfocus.com/bid/24823

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/35290

🔗 http://corryl.altervista.org/index.php?mod=read&id=1183748959

Related Vulnerabilities

CVE-2007-34287.5

Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 allow remote attackers to have an unknown impact via the file par...

CVE-2014-83407.5

SQL injection vulnerability in Php/Functions/log_function.php in phpTrafficA 2.3 and earlier allows remote attackers to execute ar...

CVE-2007-10767.5

Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and possibly earlier, allow remote attackers to include arbitra...

CVE-2007-34277.5

SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to execute arbitrary SQL command...