CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-5109

Cross-site request forgery (CSRF) vulnerability in index.php in FlatNuke 2.6, and possibly 3, allows remote attackers to change the password and privilege level of arbitrary accounts via the user parameter and modified (1) regpass and (2) level parameters in a none_Login action, as demonstrated by using a Flash object to automatically make the request.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 38.4%

CVSS Severity

CVSS v2 Score 4.3

References

http://secunia.com/advisories/26957
http://securityreason.com/securityalert/3176
http://www.securityfocus.com/archive/1/480468/100/0/threaded
http://www.securityfocus.com/bid/25817
https://exchange.xforce.ibmcloud.com/vulnerabilities/36763
http://secunia.com/advisories/26957
http://securityreason.com/securityalert/3176
http://www.securityfocus.com/archive/1/480468/100/0/threaded
http://www.securityfocus.com/bid/25817
https://exchange.xforce.ibmcloud.com/vulnerabilities/36763

Products affected by CVE-2007-5109

Flatnuke » Flatnuke » Version: 2.6

cpe:2.3:a:flatnuke:flatnuke:2.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-5109

Products

Pricing

Contact Us