CVE-2007-5109
Published: Sep 26, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Cross-site request forgery (CSRF) vulnerability in index.php in FlatNuke 2.6, and possibly 3, allows remote attackers to change the password and privilege level of arbitrary accounts via the user parameter and modified (1) regpass and (2) level parameters in a none_Login action, as demonstrated by using a Flash object to automatically make the request.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- 20070924 Arbitrary Command Inclusion (mailing-list, x_refsource_BUGTRAQ)
- 25817 (vdb-entry, x_refsource_BID)
- 26957 (third-party-advisory, x_refsource_SECUNIA)
- flatnuke-mod-security-bypass(36763) (vdb-entry, x_refsource_XF)
- 3176 (third-party-advisory, x_refsource_SREASON)