|
|
CVE Reference: CVE-2007-5913 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-5913 |
|
|
Description: dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not require authentication, which allows remote attackers to (1) delete auth.inc.php via the suppr parameter, and (2) re-create the auth.inc.php file with contents that specify a new account name and password for JBC Explorer via the login and password parameters. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/38269 SREASON http://securityreason.com/securityalert/3358 SAID Secunia Advisory: SA27533 OSVDB 42069 MISC http://mgsdl.free.fr/?1:33 MILW0RM http://www.milw0rm.com/exploits/4608 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/483268/100/0/threaded BID 26332 |
|
| Return to the previous page. |
