CVE Reference: CVE-2007-4240

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2007-4240

Description:
The check_logout function in class/auth.php in Help Center Live (hcl) 2.1.3a sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to delete administrative users and have other unspecified impact via certain requests to (1) admin/departments.php, (2) admin/operators.php, and other unspecified scripts. NOTE: some of these details are obtained from third party information.
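
The flaw pattern described above (a redirect sent without terminating the script), shown as an added PHP illustration beside its corrected form. This is not Help Center Live's code and not part of the CVE entry; the function names, the `is_admin` session key, the `/login.php` target and the operator data are hypothetical.

```php
<?php
// Added illustration; NOT Help Center Live source. All names are hypothetical.
ob_start(); // buffer output so header() stays legal after echo

// Constructed stand-in for the operator table.
$operators = ['admin' => 'administrator', 'alice' => 'operator'];

// Stand-in for a privileged action reached through an admin script.
function delete_operator(array &$operators, string $name): void
{
    unset($operators[$name]);
}

// Flawed guard: sends the redirect, then returns to the caller.
function check_logout_flawed(array $session): void
{
    if (empty($session['is_admin'])) {
        header('Location: /login.php');
        // Missing exit: the header only asks the client to go elsewhere;
        // the server keeps executing the rest of the script.
    }
}

// Corrected guard: stops the request as soon as the redirect is queued.
function check_logout_fixed(array $session): void
{
    if (empty($session['is_admin'])) {
        header('Location: /login.php');
        exit; // nothing after the guard runs for this request
    }
}

// Report final state even though the corrected guard ends the script.
register_shutdown_function(function () use (&$operators) {
    echo 'operators at shutdown: ', implode(', ', array_keys($operators)), PHP_EOL;
});

$anonymous = []; // constructed session with no administrative credentials

// 1) Flawed guard: the privileged action still runs.
check_logout_flawed($anonymous);
delete_operator($operators, 'admin');
echo 'after flawed guard: ', implode(', ', array_keys($operators)), PHP_EOL;

// 2) Corrected guard: execution stops inside the guard.
check_logout_fixed($anonymous);
delete_operator($operators, 'alice');
echo 'not reached', PHP_EOL;
```

A browser follows the redirect and never displays the result of the first case, which is why this class of bug tends to be found by reading the guard or by inspecting the raw response body rather than by clicking through the application.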

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/35833

SAID
  Secunia Advisory: SA26352

OSVDB
  39400

BID
  25225
