Lucene search

[email protected]CVE-2007-4637

HistoryAug 31, 2007 - 11:17 p.m.

CVE-2007-4637

2007-08-3123:17:00

[email protected]

web.nvd.nist.gov

cve-2007-4637

xgb 2.0

authentication bypass

remote attackers

admin edit action

nvd

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7 High

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.6%

JSON

xGB.php in xGB 2.0 does not require authentication for an admin edit action, which allows remote attackers to make unspecified changes via an unknown series of steps.

Affected configurations

NVD

Node

xgbxgbMatch2.0

CPENameOperatorVersion
xgb:xgbxgbeq2.0

CPE	Name	Operator	Version
xgb:xgb	xgb	eq	2.0

References

www.exploit-db.com/exploits/4336

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7 High

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.6%

JSON

Related for CVE-2007-4637

prion1 nvd1 cvelist1