CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2007-4416

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1760%
EPSS Percentile31.78th
Published2007年8月18日
Last Modified2026年4月23日

Vulnerability Description

captcha.php in BellaBook (aka BellaBuffs) allows remote attackers to obtain administrative privileges by sending the admin's username (admin_name) in a pheap_login cookie. NOTE: the vendor disputes this vulnerability because authentication data is derived from the admin_pass and secret variables, in addition to the admin_name; and because the exploit code is designed for an unrelated application

Affected Platforms (CPE)

📦
Jemjabella

Bellabook

All versions

References & Advisories

🔗 http://osvdb.org/42506
🔗 http://www.securityfocus.com/archive/1/475153/100/200/threaded
🔗 http://www.securityfocus.com/archive/1/475259/100/200/threaded
🔗 http://osvdb.org/42506
🔗 http://www.securityfocus.com/archive/1/475153/100/200/threaded
🔗 http://www.securityfocus.com/archive/1/475259/100/200/threaded

相關漏洞威脅

CVE-2007-182210.0

Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailbo...

CVE-2007-158710.0

templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows remote attackers to execute arbitrary programs by specifying the...

CVE-2007-350010.0

Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.

CVE-2007-182310.0

T-Mobile voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling N...