Home > Vulnerability Database > CVE-2007-5109

Mend.io Vulnerability Database

CVE-2007-5109

Date: September 26, 2007

Cross-site request forgery (CSRF) vulnerability in index.php in FlatNuke 2.6, and possibly 3, allows remote attackers to change the password and privilege level of arbitrary accounts via the user parameter and modified (1) regpass and (2) level parameters in a none_Login action, as demonstrated by using a Flash object to automatically make the request.

Severity Score

6.1

Related Resources (8)

Url: http://www.securityfocus.com/archive/1/480468/100/0/threaded

Url: http://secunia.com/advisories/26957

Url: http://www.securityfocus.com/bid/25817

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/36763

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-5109

Url: http://securityreason.com/securityalert/3176

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2007-5109

Url: https://www.mend.io/vulnerability-database/CVE-2007-5109

Severity Score

6.1

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2007-5109

Date: September 26, 2007

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?