CVE-2007-4416 : captcha.php in BellaBook (aka BellaBuffs) allows remote attackers to obtain admi

captcha.php in BellaBook (aka BellaBuffs) allows remote attackers to obtain administrative privileges by sending the admin's username (admin_name) in a pheap_login cookie. NOTE: the vendor disputes this vulnerability because authentication data is derived from the admin_pass and secret variables, in addition to the admin_name; and because the exploit code is designed for an unrelated application

Published 2007-08-18 21:17:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2007-4416

Jemjabella » Bellabook
cpe:2.3:a:jemjabella:bellabook:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2007-4416

EPSS FAQ

0.74%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 71 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2007-4416

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2007-4416

Jump to

Vulnerability Details : CVE-2007-4416

Products affected by CVE-2007-4416

Exploit prediction scoring system (EPSS) score for CVE-2007-4416

CVSS scores for CVE-2007-4416

References for CVE-2007-4416