Lucene search

[email protected]CVE-2007-0806

HistoryFeb 07, 2007 - 11:28 a.m.

CVE-2007-0806

2007-02-0711:28:00

[email protected]

web.nvd.nist.gov

cve

2007

0806

les news

authentication bypass

administrative access

remote attackers

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.9%

JSON

Les News 2.2 allows remote attackers to bypass authentication and gain administrative access via a direct request for adminews/index_fr.php3, and possibly the adminews index documents for other localizations.

Affected configurations

NVD

Node

les_newsles_newsMatch2.2

CPENameOperatorVersion
les_news:les_newsles newseq2.2

CPE	Name	Operator	Version
les_news:les_news	les news	eq	2.2

References

forums.avenir-geopolitique.net/viewtopic.php?t=2622

osvdb.org/33686

securityreason.com/securityalert/2226

www.securityfocus.com/archive/1/459186/100/0/threaded

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.9%

JSON

Related for CVE-2007-0806

cvelist1 nvd1 prion1 securityvulns1