Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2007-4157

EPSS 0.70% · P72
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2007-4157

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
PHPBlogger stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing an admin password hash via a direct request for data/pref.db. NOTE: this can be easily leveraged for administrative access because composing the authentication cookie only requires the password hash, not the cleartext version.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
PHPBlogger web根目录敏感信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
PHPBlogger 在web根目录储存敏感信息但没有赋予足够的访问控制, 这会允许远程攻击者可以借助对data/pref.db提交一个直接的请求,下载一个包含管理密码信息的数据库。 注意:该漏洞易于造成管理访问,因为组成权限cookie只需要密码信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2007-4157

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2007-4157

Please Login to view more intelligence information

Same Patch Batch · n/a · 2007-08-03 · 41 CVEs total

CVE-2007-2409Mac OS X WebCore信息泄露漏洞
CVE-2007-4151Visionsoft Audit 敏感信息泄露漏洞
CVE-2007-4152Visionsoft Audit 多个远程漏洞
CVE-2007-4153WordPress多个跨站脚本攻击漏洞
CVE-2007-4154WordPress 'options.php'SQL注入漏洞
CVE-2007-2403Mac OS X CFNetwork FTP URIs验证漏洞
CVE-2007-2404Mac OS X CFNetwork CRLF注入漏洞
CVE-2007-2405Mac OS X PDFKit整数溢出漏洞
CVE-2007-2406Apple Mac OS X Quartz Composer未明漏洞
CVE-2007-2407Mac OS X Samba server磁盘空间配额管理漏洞
CVE-2007-4150Visionsoft Audit 多个远程漏洞
CVE-2007-2410Mac OS X WebCore跨站脚本攻击漏洞
CVE-2007-3744Mac OS X mDNSResponder 缓冲区溢出漏洞
CVE-2007-3745Mac OS X CoreAudio的Java接口访问控制漏洞
CVE-2007-3746Mac OS X CoreAudio的Java接口访问控制漏洞
CVE-2007-3747Mac OS X CoreAudio的Java接口访问控制漏洞
CVE-2007-3748Mac OS X iChat缓冲区溢出漏洞
CVE-2007-4139WordPress 'wp-admin/includes/upload.php'跨站脚本攻击漏洞
CVE-2007-4140Speed (LFS) S2 ALPHA PATCH Live缓冲区溢出漏洞
CVE-2007-4141OpenRat CMS敏感信息泄露漏洞

Showing top 20 of 41 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2007-4157

No comments yet

Leave a comment