PT-2007-4897 · Av · Av Arcade

Kw3Rln

Published

2007-07-10

Updated

2018-10-15

CVE-2007-3643

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions AV Arcade version 2.1b

Description The issue allows remote attackers to gain administrative privileges by setting the ava userid cookie value to 1, enabling them to perform certain administrative actions.

Recommendations For AV Arcade version 2.1b, consider restricting access to the admin/index.php page until a fix is available, and avoid using the ava userid cookie value of 1 to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-3643

Affected Products

Av Arcade

PT-2007-4897 · Av · Av Arcade

CVE-2007-3643

Related Identifiers

Affected Products

References · 7