CVE-2007-3907

Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a callback parameter containing an escaped URL that specifies the action.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/26121	Vendor Advisory
http://sourceforge.net/project/shownotes.php?release_id=523576&group_id=175965
http://www.ledgersmb.org/node/52
http://www.securityfocus.com/archive/1/473987/100/0/threaded
http://www.securityfocus.com/archive/1/473993/100/0/threaded
http://www.securityfocus.com/bid/24940
http://www.vupen.com/english/advisories/2007/2576
https://exchange.xforce.ibmcloud.com/vulnerabilities/35507
http://secunia.com/advisories/26121	Vendor Advisory
http://sourceforge.net/project/shownotes.php?release_id=523576&group_id=175965
http://www.ledgersmb.org/node/52
http://www.securityfocus.com/archive/1/473987/100/0/threaded
http://www.securityfocus.com/archive/1/473993/100/0/threaded
http://www.securityfocus.com/bid/24940
http://www.vupen.com/english/advisories/2007/2576
https://exchange.xforce.ibmcloud.com/vulnerabilities/35507

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ledgersmb:ledgersmb:1.2.0:::::::*
	cpe:2.3:a:ledgersmb:ledgersmb:1.2.1:::::::*
	cpe:2.3:a:ledgersmb:ledgersmb:1.2.2:::::::*
	cpe:2.3:a:ledgersmb:ledgersmb:1.2.3:::::::*
	cpe:2.3:a:ledgersmb:ledgersmb:1.2.4:::::::*
	cpe:2.3:a:ledgersmb:ledgersmb:1.2.5:::::::*
	cpe:2.3:a:ledgersmb:ledgersmb:1.2.6:::::::*

History

21 Nov 2024, 00:34

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/26121 - Vendor Advisory~~	() http://secunia.com/advisories/26121 - Vendor Advisory
References	~~() http://sourceforge.net/project/shownotes.php?release_id=523576&group_id=175965 -~~	() http://sourceforge.net/project/shownotes.php?release_id=523576&group_id=175965 -
References	~~() http://www.ledgersmb.org/node/52 -~~	() http://www.ledgersmb.org/node/52 -
References	~~() http://www.securityfocus.com/archive/1/473987/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/473987/100/0/threaded -
References	~~() http://www.securityfocus.com/archive/1/473993/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/473993/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/24940 -~~	() http://www.securityfocus.com/bid/24940 -
References	~~() http://www.vupen.com/english/advisories/2007/2576 -~~	() http://www.vupen.com/english/advisories/2007/2576 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/35507 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/35507 -

Information

Published : 2007-07-19 17:30

Updated : 2024-11-21 00:34

NVD link : CVE-2007-3907

Mitre link : CVE-2007-3907

CVE.ORG link : CVE-2007-3907

JSON object : View

Products Affected

ledgersmb

ledgersmb

CWE

NVD-CWE-noinfo

10.0 /10