CyberSec.Space Logo
CVEブラウザに戻る

CVE-2007-6234

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0330%
EPSS Percentile33.65th
Published2007年12月4日
Last Modified2026年4月23日

Vulnerability Description

index.php in FTP Admin 0.1.0 allows remote attackers to bypass authentication and obtain administrative access via a loggedin parameter with a value of true, as demonstrated by adding a user account.

Affected Platforms (CPE)

📦
Ftp Admin

Ftp Admin

= 0.1.0

References & Advisories

🔗 http://secunia.com/advisories/27875
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/38782
🔗 https://www.exploit-db.com/exploits/4681
🔗 http://secunia.com/advisories/27875
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/38782
🔗 https://www.exploit-db.com/exploits/4681

関連する脆弱性情報

CVE-2018-174409.8

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default ...

CVE-2013-26459.3

Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow...

CVE-2017-68038.8

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) F...

CVE-2020-94707.8

An issue was discovered in Wing FTP Server 6.2.5 before February 2020. Due to insecure permissions when handling session cookies, ...