Vulnerability Description
captcha.php in BellaBook (aka BellaBuffs) allows remote attackers to obtain administrative privileges by sending the admin's username (admin_name) in a pheap_login cookie. NOTE: the vendor disputes this vulnerability because authentication data is derived from the admin_pass and secret variables, in addition to the admin_name; and because the exploit code is designed for an unrelated application
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jemjabella | Bellabook | All versions |
References
- http://osvdb.org/42506
- http://www.securityfocus.com/archive/1/475153/100/200/threaded
- http://www.securityfocus.com/archive/1/475259/100/200/threaded
- http://osvdb.org/42506
- http://www.securityfocus.com/archive/1/475153/100/200/threaded
- http://www.securityfocus.com/archive/1/475259/100/200/threaded
FAQ
What is CVE-2007-4416?
CVE-2007-4416 is a vulnerability with a CVSS score of 10.0 (HIGH). captcha.php in BellaBook (aka BellaBuffs) allows remote attackers to obtain administrative privileges by sending the admin's username (admin_name) in a pheap_login cookie. NOTE: the vendor disputes t...
How severe is CVE-2007-4416?
CVE-2007-4416 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4416?
Check the references section above for vendor advisories and patch information. Affected products include: Jemjabella Bellabook.