Source: nvd (NVD:CVE-2007-2985)
History: Jun 01, 2007 - 10:30 a.m.

CVE-2007-2985

2007-06-01 10:30:00
CWE-264
web.nvd.nist.gov

CVSS2: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score: 7.8
Confidence: Low

EPSS: 0.022
Percentile: 89.5%

Pheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator’s username, which can be used to (1) obtain sensitive information, including the administrator password, via settings.php or (2) upload and execute arbitrary PHP code via an update_doc action in edit.php.

Affected configurations

Nvd
Node: pheap pheap, Match 2.0

Vendor | Product | Version | CPE
pheap | pheap | 2.0 | cpe:2.3:a:pheap:pheap:2.0:*:*:*:*:*:*:*
