Lucene search

MitreCVE-2007-5374

HistoryOct 11, 2007 - 10:17 a.m.

CVE-2007-5374

2007-10-1110:17:00

CWE-287

mitre

web.nvd.nist.gov

lightblog

8.4.1.1

privilege escalation

vulnerability

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

0.009

Percentile

83.0%

JSON

cp_memberedit.php in LightBlog 8.4.1.1 does not check for administrative credentials when processing an admin action, which allows remote authenticated users to increase the privileges of any account.

Affected configurations

Nvd

Node

lightbloglightblogMatch8.4.1.1

VendorProductVersionCPE
lightbloglightblog8.4.1.1cpe:2.3:a:lightblog:lightblog:8.4.1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lightblog	lightblog	8.4.1.1	cpe:2.3:a:lightblog:lightblog:8.4.1.1:::::::*

References

secunia.com/advisories/27164

www.securityfocus.com/bid/25990

exchange.xforce.ibmcloud.com/vulnerabilities/37050

www.exploit-db.com/exploits/4505

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

0.009

Percentile

83.0%

JSON

Related for CVE-2007-5374