CVE-2007-4416 : captcha.php in BellaBook (aka BellaBuffs) allows remote attackers to obtain administrative privileges by sending the adm

captcha.php in BellaBook (aka BellaBuffs) allows remote attackers to obtain administrative privileges by sending the admin's username (admin_name) in a pheap_login cookie. NOTE: the vendor disputes this vulnerability because authentication data is derived from the admin_pass and secret variables, in addition to the admin_name; and because the exploit code is designed for an unrelated application

Published 2007-08-18 21:17:00

Updated 2024-04-11 00:42:41

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2007-4416

Probability of exploitation activity in the next 30 days: 0.86%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 82 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2007-4416

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2007-4416

Products affected by CVE-2007-4416

Jemjabella » Bellabook
cpe:2.3:a:jemjabella:bellabook:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2007-4416

Exploit prediction scoring system (EPSS) score for CVE-2007-4416

CVSS scores for CVE-2007-4416

References for CVE-2007-4416

Products affected by CVE-2007-4416