Vulnerabilities > CVE-2007-6399 - Credentials Management vulnerability in Myupb Flat PHP Board

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

myupb

CWE-255

exploit available

NVD

Published: 2007-12-17

Updated: 2018-10-15

Summary

index.php in Flat PHP Board 1.2 and earlier allows remote authenticated users to obtain the password for the current user account by reading the password parameter value in the HTML source for the page generated by a profile action.

Vulnerable Configurations

Part	Description	Count
Application	Myupb Myupb Flat PHP Board *	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Exploit-Db

description	Flat PHP Board <= 1.2 Multiple Vulnerabilities. CVE-2007-6395,CVE-2007-6396,CVE-2007-6397,CVE-2007-6398,CVE-2007-6399. Webapps exploit for php platform
file	exploits/php/webapps/4705.txt
id	EDB-ID:4705
last seen	2016-01-31
modified	2007-12-09
platform	php
port
published	2007-12-09
reporter	KiNgOfThEwOrLd
source	https://www.exploit-db.com/download/4705/
title	Flat PHP Board <= 1.2 - Multiple Vulnerabilities
type	webapps

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

References