Lucene search

[email protected]CVE-2007-6399

HistoryDec 17, 2007 - 6:46 p.m.

CVE-2007-6399

2007-12-1718:46:00

CWE-255

[email protected]

web.nvd.nist.gov

cve-2007-6399

html source

remote authentication

password parameter

security vulnerability

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.4%

JSON

index.php in Flat PHP Board 1.2 and earlier allows remote authenticated users to obtain the password for the current user account by reading the password parameter value in the HTML source for the page generated by a profile action.

Affected configurations

NVD

Node

myupbflat_php_boardRange≤1.2

CPENameOperatorVersion
myupb:flat_php_boardmyupb flat php boardle1.2

CPE	Name	Operator	Version
myupb:flat_php_board	myupb flat php board	le	1.2

References

osvdb.org/44118

www.securityfocus.com/archive/1/484803/100/100/threaded

www.securityfocus.com/bid/26782

www.exploit-db.com/exploits/4705

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.4%

JSON

Related for CVE-2007-6399

prion1 nvd1 cvelist1