Lucene search

[email protected]CVE-2007-2249

HistoryApr 25, 2007 - 4:19 p.m.

CVE-2007-2249

2007-04-2516:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

phorum

control center

cve-2007-2249

user privileges

security vulnerability

7.3 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.03 Low

EPSS

Percentile

90.9%

JSON

include/controlcenter/users.php in Phorum before 5.1.22 allows remote authenticated moderators to gain privileges via a modified (1) user_ids POST parameter or (2) userdata array.

CPENameOperatorVersion
phorum:phorumphorumle5.1.20

CPE	Name	Operator	Version
phorum:phorum	phorum	le	5.1.20

References

osvdb.org/35059

secunia.com/advisories/24932

securityreason.com/securityalert/2617

www.phorum.org/story.php?76

www.securityfocus.com/archive/1/466286/100/0/threaded

www.securityfocus.com/bid/23616

www.securitytracker.com/id?1017936

www.vupen.com/english/advisories/2007/1479

www.waraxe.us/advisory-49.html

7.3 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.03 Low

EPSS

Percentile

90.9%

JSON

Related for CVE-2007-2249

cvelist1 prion1