CVE-2007-5109: CSRF
First published: Wed Sep 26 2007(Updated: )
Cross-site request forgery (CSRF) vulnerability in index.php in FlatNuke 2.6, and possibly 3, allows remote attackers to change the password and privilege level of arbitrary accounts via the user parameter and modified (1) regpass and (2) level parameters in a none_Login action, as demonstrated by using a Flash object to automatically make the request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Postnuke Software Foundation Pnphpbb | =2.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2007-5109?
CVE-2007-5109 is classified as a high severity vulnerability due to its potential to compromise user accounts.
How do I fix CVE-2007-5109?
To fix CVE-2007-5109, you should update FlatNuke to the latest version that addresses this CSRF vulnerability.
Who is affected by CVE-2007-5109?
Users of FlatNuke versions 2.6 and possibly 3 are affected by CVE-2007-5109.
What type of attack does CVE-2007-5109 involve?
CVE-2007-5109 involves a cross-site request forgery (CSRF) attack that can change user passwords and privileges.
What components are exploited in CVE-2007-5109?
CVE-2007-5109 exploits the user parameter and modified regpass and level parameters in the none_Login action of index.php.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/flatnuke
- canonical/postnuke software foundation pnphpbb
- version/postnuke software foundation pnphpbb/2.6