CVE-2007-4240

{"id": "CVE-2007-4240", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-08-08T22:17:00.000", "references": [{"url": "http://osvdb.org/39400", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26352", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/25225", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35833", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/39400", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/26352", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/25225", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35833", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The check_logout function in class/auth.php in Help Center Live (hcl) 2.1.3a sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to delete administrative users and have other unspecified impact via certain requests to (1) admin/departments.php, (2) admin/operators.php, and other unspecified scripts. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "La funci\u00f3n check_logout del class/auth.php en el Help Center Live (hcl) 2.1.3a env\u00eda una redirecci\u00f3n al navegador web pero no sale cuando las credenciales administrativas se pierden, lo que permite a atacantes remotos borrar usuarios administrativos y tener otros impactos sin especificar a trav\u00e9s de ciertas peticiones a 1) admin/departments.php, (2) admin/operators.php y otros scripts sin especificar. NOTA: algunos de estos detalles se obtienen a partir de la informaci\u00f3n de terceros."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:help_center_live:help_center_live:2.1.3a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6CFB050-31E1-4014-A46A-C03919098745"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}