PT-2007-2210 · Eqdkp Team · Eqdkp

Eight10

Published

2007-02-06

Updated

2017-10-19

CVE-2007-0760

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions EQdkp versions 1.3.1 and earlier

Description The issue allows remote attackers to read or modify account names and passwords by spoofing the HTTP Referer header, which is used for administrative request authentication.

Recommendations For EQdkp versions 1.3.1 and earlier, consider implementing proper authentication mechanisms that do not rely solely on the HTTP Referer header to verify administrative requests. As a temporary workaround, restrict access to administrative functions to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-0760

Affected Products

Eqdkp

PT-2007-2210 · Eqdkp Team · Eqdkp

CVE-2007-0760

Related Identifiers

Affected Products

References · 6