Jean Charles Jbc Explorer vulnerabilities
2 known vulnerabilities affecting jean_charles/jbc_explorer.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2007-5913P3MEDIUMCVSS 6.8PoC≤ 7.20_rc12007-11-10
CVE-2007-5913 [MEDIUM] CWE-287 CVE-2007-5913: dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not require authentication, which
dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not require authentication, which allows remote attackers to (1) delete auth.inc.php via the suppr parameter, and (2) re-create the auth.inc.php file with contents that specify a new account name and password for JBC Explorer via the login and password parameters.
nvd
CVE-2007-5914P3MEDIUMCVSS 6.8PoC≤ 7.20_rc12007-11-10
CVE-2007-5914 [MEDIUM] CVE-2007-5914: Direct static code injection vulnerability in dirsys/modules/config/post.php in JBC Explorer 7.20 RC
Direct static code injection vulnerability in dirsys/modules/config/post.php in JBC Explorer 7.20 RC1 and earlier allows remote authenticated administrators to inject arbitrary PHP code via the DEBUG parameter, which can be executed by accessing config.inc.php. NOTE: this can be exploited by unauthenticated remote attackers by leveraging CVE-2007-5913.
nvd