Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2007-4416
Last Modified 15 Nov 2008 01:56:55
Published 18 Aug 2007 05:17:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4416

Summary

** DISPUTED ** captcha.php in BellaBook (aka BellaBuffs) allows remote attackers to obtain administrative privileges by sending the admin's username (admin_name) in a pheap_login cookie. NOTE: the vendor disputes this vulnerability because authentication data is derived from the admin_pass and secret variables, in addition to the admin_name; and because the exploit code is designed for an unrelated application.

Vulnerable Systems

Application

  • Jemjabella Bellabook


References

BUGTRAQ - 20070801 Re: BellaBook Admin Bypass/Remote Code Execution

BUGTRAQ - 20070731 BellaBook Admin Bypass/Remote Code Execution

OSVDB - 42506


Last Updated: 27 May 2016 10:45:51