CVE-2007-6399

{"id": "CVE-2007-6399", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-12-17T18:46:00.000", "references": [{"url": "http://osvdb.org/44118", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/484803/100/100/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/26782", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/4705", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "index.php in Flat PHP Board 1.2 and earlier allows remote authenticated users to obtain the password for the current user account by reading the password parameter value in the HTML source for the page generated by a profile action."}, {"lang": "es", "value": "index.php de Flat PHP Board 1.2 y versiones anteriores permite a usuarios remotos autenticados obtener la contrase\u00f1a para la cuenta actual de usuario al leer el valor del par\u00e1metro password en el c\u00f3digo fuente HTML para la p\u00e1gina generada por una acci\u00f3n profile."}], "lastModified": "2018-10-15T21:52:55.987", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:myupb:flat_php_board:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04695CA6-CE7A-447B-B39D-B1F08DD4199D", "versionEndIncluding": "1.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}