Vulnerability Details : CVE-2007-4419
Potential exploit
Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area.
Vulnerability category: BypassGain privilege
Products affected by CVE-2007-4419
- cpe:2.3:a:olate:olatedownload:3.4.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-4419
9.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 92 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-4419
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2007-4419
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-4419
-
http://www.securityfocus.com/archive/1/476760/100/0/threaded
-
http://myimei.com/security/2007-08-16/olate-download-341adminphpauthentication-bypassing.html
-
http://securityreason.com/securityalert/3028
-
http://sourceforge.net/project/shownotes.php?group_id=188052&release_id=533628
-
http://www.securityfocus.com/bid/25343
Exploit
-
http://sourceforge.net/forum/forum.php?forum_id=727807
-
http://sourceforge.net/project/shownotes.php?release_id=533628&group_id=188052
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/36088
-
http://www.securityfocus.com/archive/1/477223/100/0/threaded
Jump to