CyberSec.Space Logo
返回 CVE 浏览器

CVE-2007-2713

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0460%
EPSS Percentile36.72th
Published2007年5月16日
Last Modified2026年4月23日

Vulnerability Description

ifdate 2.x sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request for the admin/ URI.

Affected Platforms (CPE)

📦
Ifusionservices

Ifdate

= 2.0
📦
Ifusionservices

Ifdate

= 2.0.3

References & Advisories

🔗 http://osvdb.org/36173
🔗 http://secunia.com/advisories/25237
🔗 http://securityreason.com/securityalert/2707
🔗 http://www.expw0rm.com/ifdate-2-unauthorized-administrative-access-bug_no285.html
🔗 http://www.securityfocus.com/archive/1/468545/100/0/threaded
🔗 http://www.securityfocus.com/bid/23971
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/34257
🔗 http://osvdb.org/36173

相关漏洞威胁

CVE-2008-71146.8

SQL injection vulnerability in members_search.php in iFusion Services iFdate 2.0.3 and earlier allows remote attackers to execute ...

CVE-2006-26645.8

Cross-site scripting (XSS) vulnerability in iFdate 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) ...

CVE-2007-350010.0

Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.

CVE-2007-049610.0

PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to ex...