CVE-2007-5374

cp_memberedit.php in LightBlog 8.4.1.1 does not check for administrative credentials when processing an admin action, which allows remote authenticated users to increase the privileges of any account.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/27164
http://www.securityfocus.com/bid/25990
https://exchange.xforce.ibmcloud.com/vulnerabilities/37050
https://www.exploit-db.com/exploits/4505
http://secunia.com/advisories/27164
http://www.securityfocus.com/bid/25990
https://exchange.xforce.ibmcloud.com/vulnerabilities/37050
https://www.exploit-db.com/exploits/4505

Configurations

Configuration 1 (hide)

cpe:2.3:a:lightblog:lightblog:8.4.1.1:*:*:*:*:*:*:*

History

21 Nov 2024, 00:37

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/27164 -~~	() http://secunia.com/advisories/27164 -
References	~~() http://www.securityfocus.com/bid/25990 -~~	() http://www.securityfocus.com/bid/25990 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/37050 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/37050 -
References	~~() https://www.exploit-db.com/exploits/4505 -~~	() https://www.exploit-db.com/exploits/4505 -

Information

Published : 2007-10-11 10:17

Updated : 2024-11-21 00:37

NVD link : CVE-2007-5374

Mitre link : CVE-2007-5374

CVE.ORG link : CVE-2007-5374

JSON object : View

Products Affected

lightblog

lightblog

CWE

CWE-287

Improper Authentication

{"id": "CVE-2007-5374", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-10-11T10:17:00.000", "references": [{"url": "http://secunia.com/advisories/27164", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/25990", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37050", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/4505", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27164", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/25990", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37050", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/4505", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "cp_memberedit.php in LightBlog 8.4.1.1 does not check for administrative credentials when processing an admin action, which allows remote authenticated users to increase the privileges of any account."}, {"lang": "es", "value": "El cp_memberedit.php del LightBlog 8.4.1.1 no verifica las credenciales del administrados cuando se procesa una acci\u00f3n admin, lo que permite a usuarios remotos autenticados incrementar los privilegios de cualquier cuenta."}], "lastModified": "2024-11-21T00:37:45.220", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lightblog:lightblog:8.4.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BBBCF6F-6DBF-463A-A824-422B0D1B3BFA"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}