CVE-2007-6399
Flat PHP Board 1.2 - Multiple Vulnerabilities
Severity Score
6.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
index.php in Flat PHP Board 1.2 and earlier allows remote authenticated users to obtain the password for the current user account by reading the password parameter value in the HTML source for the page generated by a profile action.
index.php de Flat PHP Board 1.2 y versiones anteriores permite a usuarios remotos autenticados obtener la contraseña para la cuenta actual de usuario al leer el valor del parámetro password en el código fuente HTML para la página generada por una acción profile.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-12-17 CVE Reserved
- 2007-12-17 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2024-10-20 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-255: Credentials Management Errors
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/44118 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/484803/100/100/threaded | Mailing List | |
| http://www.securityfocus.com/bid/26782 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/4705 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Myupb Search vendor "Myupb" | Flat Php Board Search vendor "Myupb" for product "Flat Php Board" | <= 1.2 Search vendor "Myupb" for product "Flat Php Board" and version " <= 1.2" | - |
Affected
| ||||||