CVE-2007-2822

Sažetak

TutorialCMS 1.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php.

Reference

http://osvdb.org/36520
http://secunia.com/advisories/25358
http://www.vupen.com/english/advisories/2007/1903
http://www.wavelinkmedia.com/scripts/tutorialcms/
https://exchange.xforce.ibmcloud.com/vulnerabilities/34401
https://www.exploit-db.com/exploits/3963

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

11-10-2017 - 01:32

Objavljeno

22-05-2007 - 21:30