Lucene search

[email protected]CVE-2007-2860

HistoryMay 24, 2007 - 7:30 p.m.

CVE-2007-2860

2007-05-2419:30:00

[email protected]

web.nvd.nist.gov

cve-2007-2860

boastmachine 3.0 platinum

remote authentication

privilege escalation

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.3%

JSON

user.php in BoastMachine 3.0 platinum allows remote authenticated users to gain privileges via a modified id parameter, as demonstrated by an edit_post action.

Affected configurations

NVD

Node

boastmachineboastmachineMatch3.0platinum

CPENameOperatorVersion
boastmachine:boastmachineboastmachineeq3.0

CPE	Name	Operator	Version
boastmachine:boastmachine	boastmachine	eq	3.0

References

osvdb.org/41027

securityreason.com/securityalert/2736

www.securityfocus.com/archive/1/469226/100/0/threaded

www.securityfocus.com/bid/24096

exchange.xforce.ibmcloud.com/vulnerabilities/34462

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.3%

JSON

Related for CVE-2007-2860

prion1 cvelist1 nvd1