CVE-2007-5913

Name of the Vulnerable Software and Affected Versions JBC Explorer versions 7.20 RC1 and earlier

Description The issue concerns a lack of authentication requirement in a specific module, allowing remote attackers to perform certain actions without proper authorization. Specifically, attackers can delete a critical file named auth.inc.php by manipulating the suppr parameter, and then re-create this file with malicious contents that define a new account name and password for JBC Explorer by using the login and password parameters.

Recommendations For JBC Explorer versions 7.20 RC1 and earlier, as a temporary workaround, consider restricting access to the auth.php module to minimize the risk of exploitation. Avoid using the suppr, login, and password parameters in the affected module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.