Lucene search

K
cve[email protected]CVE-2007-5835
HistoryNov 05, 2007 - 7:46 p.m.

CVE-2007-5835

2007-11-0519:46:00
CWE-264
web.nvd.nist.gov
15
install.php
bosdev bosnews
authentication bypass
remote attackers
denial of service
administrative access
cve-2007-5835
nvd

7.9 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

65.5%

Install.php in BosDev BosNews 4 and 5 does not require authentication for replacing an existing product installation or creating a new admin account, which allows remote attackers to cause a denial of service (overwritten files) and possibly obtain administrative access.

7.9 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

65.5%

Related for CVE-2007-5835