Vulnerabilities > CVE-2008-1507 - Configuration vulnerability in Peel 1.0B/2.6/2.7

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
peel
CWE-16
exploit available

Summary

PEEL, possibly 3.x and earlier, has (1) a default [email protected] account with password admin, and (2) a default [email protected] account with password cinema, which allows remote attackers to gain administrative access.

Vulnerable Configurations

Part Description Count
Application
Peel
4

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionPEEL CMS Admin Hash Extraction and Remote Upload Exploit. CVE-2008-1495,CVE-2008-1496,CVE-2008-1506,CVE-2008-1507. Webapps exploit for php platform
fileexploits/php/webapps/5281.php
idEDB-ID:5281
last seen2016-01-31
modified2008-03-19
platformphp
port
published2008-03-19
reporterCharles Fol
sourcehttps://www.exploit-db.com/download/5281/
titlePEEL CMS Admin Hash Extraction and Remote Upload Exploit
typewebapps