cbcvebase.
CVE-2007-2007
published 2007-04-12

CVE-2007-2007: admin.php in pL-PHP beta 0.9 allows remote attackers to bypass authentication by setting the is_admin parameter to 1.

PriorityP347high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.66%
83.8th percentile
admin.php in pL-PHP beta 0.9 allows remote attackers to bypass authentication by setting the is_admin parameter to 1.

Affected

4 ranges
VendorProductVersion rangeFixed in
djangoprojectdjango>= 0.91.0 < 0.91.10.91.1
djangoprojectdjango>= 0.95 < 0.95.20.95.2
djangoprojectdjango>= 0.96.0 < 0.96.10.96.1
pl-phppl-php

CVSS provenance

nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.