VDB
CVE-2007-5109
CVE-2007-5109
PUBLISHED
Cross-site request forgery (CSRF) vulnerability in index.php in FlatNuke 2.6, and possibly 3, allows remote attackers to change the password and privilege level of arbitrary accounts via the user parameter and modified (1) regpass and (2) level parameters in a none_Login action, as demonstrated by using a Flash object to automatically make the request.
EPSS 0.22% · 44.5th percentile
Risk Scores
EPSS Score
0.22%
44.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | flatnuke | 2.7.2-0ubuntu3, 0 |
| Ubuntu:24.04:LTS | flatnuke | 2.7.2-0ubuntu5, 2.7.2-0ubuntu3, 0 |
| Ubuntu:18.04:LTS | flatnuke | 2.7.2-0ubuntu3, 0 |
| Ubuntu:25.10 | flatnuke | 2.7.2-0ubuntu5, 0 |
| Ubuntu:22.04:LTS | flatnuke | 0, 2.7.2-0ubuntu3 |
| Ubuntu:16.04:LTS | flatnuke | 0, 2.7.2-0ubuntu2, 2.7.2-0ubuntu3 |
Exploit Intelligence
- 20070924 Arbitrary Command Inclusion (circl)
- 25817 (circl)
- 26957 (circl)
- flatnuke-mod-security-bypass(36763) (circl)
- 3176 (circl)
Timeline
- Sep 26, 2007 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2007-5109 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2007-5109 third-party-advisory