CVE-2007-2985
published 2007-06-01CVE-2007-2985: Pheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator's username, which can be used to (1)…
PriorityP350critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
4.17%
89.6th percentile
Pheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator's username, which can be used to (1) obtain sensitive information, including the administrator password, via settings.php or (2) upload and execute arbitrary PHP code via an update_doc action in edit.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pheap | pheap | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://osvdb.org/36737http://secunia.com/advisories/25460https://exchange.xforce.ibmcloud.com/vulnerabilities/34592https://www.exploit-db.com/exploits/4006http://osvdb.org/36737http://secunia.com/advisories/25460https://exchange.xforce.ibmcloud.com/vulnerabilities/34592https://www.exploit-db.com/exploits/4006
2007-06-01
Published