Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2007-5913
Last Modified: 15 Nov 2008 02:02:38
Published: 09 Nov 2007 09:46:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-5913

Summary

dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not require authentication, which allows remote attackers to (1) delete auth.inc.php via the suppr parameter, and (2) re-create the auth.inc.php file with contents that specify a new account name and password for JBC Explorer via the login and password parameters.

Vulnerable Systems

Application

  • Jean Charles Jbc Explorer 7.20 Rc1


References

XF - jbcexplorer-authinc-security-bypass(38269)

BID - 26332

BUGTRAQ - 20071104 JBC Explorer <= V7.20 RC 1 Remote Code Execution Exploit

MILW0RM - 4608

SECUNIA - 27533

OSVDB - 42069

MISC - http://mgsdl.free.fr/?1:33

SREASON - 3358


Last Updated: 27 May 2016 10:46:19