Lucene search

[email protected]NVD:CVE-2007-6237

HistoryDec 04, 2007 - 6:46 p.m.

CVE-2007-6237

2007-12-0418:46:00

CWE-287

[email protected]

web.nvd.nist.gov

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

Low

0.05 Low

EPSS

Percentile

92.9%

JSON

cp.php in DeluxeBB 1.09 does not verify that the membercookie parameter corresponds to the authenticated member during a profile update, which allows remote authenticated users to change the e-mail addresses of arbitrary accounts via a modified membercookie parameter, a different vector than CVE-2006-4078. NOTE: this can be leveraged for administrative access by requesting password-reset e-mail through a lostpw action to misc.php.

Affected configurations

NVD

Node

deluxebbdeluxebbMatch1.09

References

secunia.com/advisories/27794

securityreason.com/securityalert/3416

www.securityfocus.com/archive/1/484205/100/0/threaded

www.securityfocus.com/bid/26572

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

Low

0.05 Low

EPSS

Percentile

92.9%

JSON

Related for NVD:CVE-2007-6237

cvelist2 cve2 prion1 nvd1