CVE-2007-6399 : index.php in Flat PHP Board 1.2 and earlier allows remote authenticated users to

index.php in Flat PHP Board 1.2 and earlier allows remote authenticated users to obtain the password for the current user account by reading the password parameter value in the HTML source for the page generated by a profile action.

Published 2007-12-17 18:46:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2007-6399

Myupb » Flat Php Board
Versions up to, including, (<=) 1.2
cpe:2.3:a:myupb:flat_php_board:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2007-6399

EPSS FAQ

2.39%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 84 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2007-6399

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2007-6399

CWE-255

Assigned by: nvd@nist.gov (Primary)

References for CVE-2007-6399

Jump to

Vulnerability Details : CVE-2007-6399

Products affected by CVE-2007-6399

Exploit prediction scoring system (EPSS) score for CVE-2007-6399

CVSS scores for CVE-2007-6399

CWE ids for CVE-2007-6399

References for CVE-2007-6399