CVE-2007-3907
Published Jul 19, 2007
Last updated 6 years ago
Overview
- Description
- Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a callback parameter containing an escaped URL that specifies the action.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:1.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BD7ED5DA-88DB-4E0A-A262-B9F3BC48B4CF"
},
{
"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:1.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D335759B-9C72-4461-976A-35C9A89216A5"
},
{
"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:1.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7E62585F-86AB-4CBF-B79D-14EC51DDDBAD"
},
{
"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:1.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6B0CBE0F-477A-46BC-AE59-F794861DBDAA"
},
{
"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:1.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4EC55F2F-AE95-48EF-8A0E-42472755F16F"
},
{
"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:1.2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D1A5301B-B9AE-442F-9792-574B062D3F4E"
},
{
"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:1.2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "14C4D433-BE8A-47FF-9FDA-36D532E1AAC3"
}
],
"operator": "OR"
}
]
}
]