Home > Vulnerability Database > CVE-2007-5109

Mend.io Vulnerability Database

CVE-2007-5109

Date: September 26, 2007

Cross-site request forgery (CSRF) vulnerability in index.php in FlatNuke 2.6, and possibly 3, allows remote attackers to change the password and privilege level of arbitrary accounts via the user parameter and modified (1) regpass and (2) level parameters in a none_Login action, as demonstrated by using a Flash object to automatically make the request.

Severity Score

9.3

Related Resources (8)

Url: http://www.securityfocus.com/archive/1/480468/100/0/threaded

Url: http://secunia.com/advisories/26957

Url: http://www.securityfocus.com/bid/25817

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/36763

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-5109

Url: http://securityreason.com/securityalert/3176

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2007-5109

Url: https://www.mend.io/vulnerability-database/CVE-2007-5109

Severity Score

9.3

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

CVSS v3

Base Score:	9.3
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE

CVSS v2

Base Score:	9.8
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2007-5109

Date: September 26, 2007

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3

CVSS v2

Do you need more information?