Lumension® Endpoint Intelligence Center



Vulnerability Score: 5.0
CVE Id: CVE-2007-4157
Last Modified: 15 Nov 2008 01:56:03
Published: 03 Aug 2007 05:17:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE



PHPBlogger stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing an admin password hash via a direct request for data/pref.db. NOTE: this can be easily leveraged for administrative access because composing the authentication cookie only requires the password hash, not the cleartext version.

Vulnerable Systems


  • Phpblogger Php-blogger 2.2.7


BUGTRAQ - 20070728 PHPBlogger cookie privilege escalation

OSVDB - 38707

OSVDB - 38706

SREASON - 2957

SECUNIA - 26262


Last Updated: 27 May 2016 10:45:46