Lucene search

[email protected]CVE-2007-3611

HistoryJul 06, 2007 - 7:30 p.m.

CVE-2007-3611

2007-07-0619:30:00

[email protected]

web.nvd.nist.gov

vrnews

admin.php

authentication bypass

cve-2007-3611

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

Low

0.036 Low

EPSS

Percentile

91.7%

JSON

admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not require authentication, which allows remote attackers to perform certain administrative actions via a direct request with a (1) edit, (2) add, (3) config, or (4) del value in the act parameter.

Affected configurations

NVD

Node

vrnewsvrnewsMatch1.1.1

CPENameOperatorVersion
vrnews:vrnewsvrnewseq1.1.1

CPE	Name	Operator	Version
vrnews:vrnews	vrnews	eq	1.1.1

References

osvdb.org/45787

exchange.xforce.ibmcloud.com/vulnerabilities/35271

www.exploit-db.com/exploits/4150

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

Low

0.036 Low

EPSS

Percentile

91.7%

JSON

Related for CVE-2007-3611

prion1 nvd1 cvelist1