CVE-2007-3494 - Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend admi

CVE-2007-3494

Summary

Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to (1) read the entire database by accessing the database backup plugin via a devtools/templates/newdump_backend.html argument in the template parameter to interna/plugin.php, (2) create plugins, (3) remove plugins, (4) enable debug mode, and have other unspecified impact.

References

Vulnerable Configurations

cpe:2.3:a:papoo:papoo:*:*:*:*:*:*:*:*
cpe:2.3:a:papoo:papoo:*:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 16-10-2018 - 16:50)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
COMPLETE	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:S/C:C/I:N/A:N

refmap via4

bid	24634
bugtraq	20070624 Papoo CMS 3.6 - Access Restriction Bypass
fulldisc	20070624 Papoo CMS 3.6 - Access Restriction Bypass
misc	http://www.papoo.de/index/menuid/204/reporeid/215
osvdb	37542
sreason	2853
xf	papoo-plugin-security-bypass(35032)

Last major update

16-10-2018 - 16:50

Published

29-06-2007 - 18:30

Last modified

16-10-2018 - 16:50