Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in index.php in FlatNuke 2.6, and possibly 3, allows remote attackers to change the password and privilege level of arbitrary accounts via the user parameter and modified (1) regpass and (2) level parameters in a none_Login action, as demonstrated by using a Flash object to automatically make the request.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Flatnuke | Flatnuke | 2.6 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/26957
- http://securityreason.com/securityalert/3176
- http://www.securityfocus.com/archive/1/480468/100/0/threaded
- http://www.securityfocus.com/bid/25817
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36763
- http://secunia.com/advisories/26957
- http://securityreason.com/securityalert/3176
- http://www.securityfocus.com/archive/1/480468/100/0/threaded
- http://www.securityfocus.com/bid/25817
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36763
FAQ
What is CVE-2007-5109?
CVE-2007-5109 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in index.php in FlatNuke 2.6, and possibly 3, allows remote attackers to change the password and privilege level of arbitrary accounts via the user para...
How severe is CVE-2007-5109?
CVE-2007-5109 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5109?
Check the references section above for vendor advisories and patch information. Affected products include: Flatnuke Flatnuke.