CVE-2007-3591

Unspecified vulnerability in Profile.php in Elite Bulletin Board before 1.0.10 allows remote attackers to modify profile information via unspecified vectors related to "a remote form," probably related to direct requests and missing authorization checks.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://osvdb.org/37819
http://secunia.com/advisories/25926	Vendor Advisory
http://sourceforge.net/project/shownotes.php?release_id=520558&group_id=175118	Patch
http://www.securityfocus.com/bid/24763
https://exchange.xforce.ibmcloud.com/vulnerabilities/35261

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:elite_bulletin_board:elite_bulletin_board:1.0.8:::::::*
	cpe:2.3:a:elite_bulletin_board:elite_bulletin_board:1.0.9:::::::*

History

No history.

Information

Published : 2007-07-06 18:30

Updated : 2024-02-28 11:01

NVD link : CVE-2007-3591

Mitre link : CVE-2007-3591

CVE.ORG link : CVE-2007-3591

JSON object : View

Products Affected

elite_bulletin_board

elite_bulletin_board

CWE

NVD-CWE-Other

{"id": "CVE-2007-3591", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-07-06T18:30:00.000", "references": [{"url": "http://osvdb.org/37819", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25926", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://sourceforge.net/project/shownotes.php?release_id=520558&group_id=175118", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24763", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35261", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Profile.php in Elite Bulletin Board before 1.0.10 allows remote attackers to modify profile information via unspecified vectors related to \"a remote form,\" probably related to direct requests and missing authorization checks."}, {"lang": "es", "value": "Vulnerabilidad sin especificar en el Profile.php del Elite Bulletin Board anetiror al 1.0.10 permite a atacantes remotos modificar la informaci\u00f3n del perfil a trav\u00e9s de vectores sin especificar, relacionado con un \"formulario remoto\" y probablemente relacionado con peticiones directas y con la p\u00e9rdida de controles de autorizaci\u00f3n."}], "lastModified": "2017-07-29T01:32:24.877", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elite_bulletin_board:elite_bulletin_board:1.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F4F1C79-9C5C-4B8C-84E2-9E67320F581B"}, {"criteria": "cpe:2.3:a:elite_bulletin_board:elite_bulletin_board:1.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E412EA7-D786-49D5-9891-3504EDCC2D9A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}