10

CVE-2007-3907

Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a callback parameter containing an escaped URL that specifies the action.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LedgersmbLedgersmb Version1.2.0
LedgersmbLedgersmb Version1.2.1
LedgersmbLedgersmb Version1.2.2
LedgersmbLedgersmb Version1.2.3
LedgersmbLedgersmb Version1.2.4
LedgersmbLedgersmb Version1.2.5
LedgersmbLedgersmb Version1.2.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.96% 0.854
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/26121
Vendor Advisory
http://sourceforge.net/project/shownotes.php?release_id=523576&group_id=175965
http://www.ledgersmb.org/node/52
http://www.securityfocus.com/archive/1/473987/100/0/threaded
http://www.securityfocus.com/archive/1/473993/100/0/threaded
http://www.securityfocus.com/bid/24940
http://www.vupen.com/english/advisories/2007/2576
https://exchange.xforce.ibmcloud.com/vulnerabilities/35507