CVE-2007-4240
Last modified
CVE-2007-4240 is a vulnerability of currently unknown severity. The check_logout function in class/auth.php in Help Center Live (hcl) 2.1.3a sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to delete administrative users and have other unspecified impact via certain requests to (1) admin/departments.php, (2) admin/operators.php, and other unspecified scripts. NOTE: some of these details are obtained from third party information.. EPSS estimates a 1.36% chance of exploitation in the next 30 days.
Description
The check_logout function in class/auth.php in Help Center Live (hcl) 2.1.3a sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to delete administrative users and have other unspecified impact via certain requests to (1) admin/departments.php, (2) admin/operators.php, and other unspecified scripts. NOTE: some of these details are obtained from third party information.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Help Center Live | Help Center Live | 2.1.3a |
References
- http://secunia.com/advisories/26352Vendor Advisory
- http://secunia.com/advisories/26352Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2007-4240?
How severe is CVE-2007-4240?
How do I fix CVE-2007-4240?
Are you affected by CVE-2007-4240?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST