Lucene search

[email protected]CVE-2007-6234

HistoryDec 04, 2007 - 6:46 p.m.

CVE-2007-6234

2007-12-0418:46:00

CWE-287

[email protected]

web.nvd.nist.gov

cve-2007-6234

ftp admin

authentication bypass

remote code execution

security vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.1%

JSON

index.php in FTP Admin 0.1.0 allows remote attackers to bypass authentication and obtain administrative access via a loggedin parameter with a value of true, as demonstrated by adding a user account.

Affected configurations

NVD

Node

ftp_adminftp_adminMatch0.1.0

CPENameOperatorVersion
ftp_admin:ftp_adminftp admineq0.1.0

CPE	Name	Operator	Version
ftp_admin:ftp_admin	ftp admin	eq	0.1.0

References

secunia.com/advisories/27875

exchange.xforce.ibmcloud.com/vulnerabilities/38782

www.exploit-db.com/exploits/4681

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.1%

JSON

Related for CVE-2007-6234

nvd1 prion1 cvelist1