CVE-2007-5109

Published Sep 26, 2007

Last updated 6 years ago

Overview

Description: Cross-site request forgery (CSRF) vulnerability in index.php in FlatNuke 2.6, and possibly 3, allows remote attackers to change the password and privilege level of arbitrary accounts via the user parameter and modified (1) regpass and (2) level parameters in a none_Login action, as demonstrated by using a Flash object to automatically make the request.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-352

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:flatnuke:flatnuke:2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44F13376-627B-4CDA-AB02-9ED307D176E9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References