CVE-2007-2713

2007-05-1610:00:00

mitre

www.cve.org

AI Score

6.6

Confidence

Low

EPSS

0.025

Percentile

90.2%

JSON

ifdate 2.x sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request for the admin/ URI.

References

osvdb.org/36173

secunia.com/advisories/25237

securityreason.com/securityalert/2707

www.expw0rm.com/ifdate-2-unauthorized-administrative-access-bug_no285.html

www.securityfocus.com/archive/1/468545/100/0/threaded

www.securityfocus.com/bid/23971

exchange.xforce.ibmcloud.com/vulnerabilities/34257