CVE-2007-4416
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
18/08/2007
Last modified:
07/08/2024
Description
captcha.php in BellaBook (aka BellaBuffs) allows remote attackers to obtain administrative privileges by sending the admin's username (admin_name) in a pheap_login cookie. NOTE: the vendor disputes this vulnerability because authentication data is derived from the admin_pass and secret variables, in addition to the admin_name; and because the exploit code is designed for an unrelated application
Impact
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:jemjabella:bellabook:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page