cvelistv5 - cve-2007-5752

CVE-2007-5752 (GCVE-0-2007-5752)

Vulnerability from cvelistv5

Published

2007-10-31 17:00

Modified

2024-08-07 15:39

Severity ?

CWE

Summary

adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account with admin (userlevel 4) privileges.

References

URL

Tags

cve@mitre.org	http://secunia.com/advisories/27430	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/3326
cve@mitre.org	http://www.securityfocus.com/archive/1/482919/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/26255
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/38173
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27430	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3326
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/482919/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26255
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/38173

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:39:13.611Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "phpagtc-adduser-security-bypass(38173)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38173"
          },
          {
            "name": "3326",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3326"
          },
          {
            "name": "27430",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27430"
          },
          {
            "name": "26255",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26255"
          },
          {
            "name": "20071028 AGTC-Membership system v1.1a (adduser) Remote Add Admin Exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/482919/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account with admin (userlevel 4) privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "phpagtc-adduser-security-bypass(38173)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38173"
        },
        {
          "name": "3326",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3326"
        },
        {
          "name": "27430",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27430"
        },
        {
          "name": "26255",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26255"
        },
        {
          "name": "20071028 AGTC-Membership system v1.1a (adduser) Remote Add Admin Exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/482919/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5752",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account with admin (userlevel 4) privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "phpagtc-adduser-security-bypass(38173)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38173"
            },
            {
              "name": "3326",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3326"
            },
            {
              "name": "27430",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27430"
            },
            {
              "name": "26255",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26255"
            },
            {
              "name": "20071028 AGTC-Membership system v1.1a (adduser) Remote Add Admin Exploit",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/482919/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5752",
    "datePublished": "2007-10-31T17:00:00",
    "dateReserved": "2007-10-31T00:00:00",
    "dateUpdated": "2024-08-07T15:39:13.611Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-5752\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-10-31T17:46:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account with admin (userlevel 4) privileges.\"},{\"lang\":\"es\",\"value\":\"adduser.php de PHP-AGTC Membership (AGTC-Membership) Syste 1.1.a no requiere autenticaci\u00f3n, lo cual permite a atacantes remotos crear cuentas mediante un formulario modificado, como se ha demostrado con una cuenta con privilegios de administraci\u00f3n (userlevel 4).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:agtc_websolutions:php-agtc_membership_system:1.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"200C25A8-AF80-448E-B237-8E0922BFD4A3\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/27430\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/3326\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/482919/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/26255\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38173\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/27430\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/3326\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/482919/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/26255\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38173\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2007-AVI-402

Vulnerability from certfr_avis

Plusieurs vulnérabilités du serveur web Apache permettent à un utilisateur malintentionné de provoquer un déni de service à distance, de réaliser de l'injection de code indirecte et d'accéder à des informations sensibles.

Description

Plusieurs vulnérabilités affectent le serveur web Apache :

une erreur dans la fonction recall_headers du module mod_mem_cache permet à un utilisateur malintentionné d'accéder à des informations qui peuvent être sensibles ;
une erreur dans le module mod_cache se traduit par l'arrêt inopiné (crash) d'un processus fils lors du traitement de certaines requêtes. Cette erreur permet à un utilisateur malintentionné de provoquer un déni de service à distance ;
le serveur HTTP ne vérifie pas qu'un processus est un processus fils Apache avant de lui envoyer un signal. Cette absence de vérification permet à un utilisateur local malintentionné, dans certaines conditions, de provoquer un déni de service ;
une erreur dans le module mod_proxy est exploitable par un utilisateur malintentionné pour provoquer, dans certaines circonstances, un déni de service à distance ;
une erreur dans le module mod_status permet à un utilisateur malintentionné de réaliser de l'injection de code indirecte (cross site scripting) si la page d'état du serveur est publique et si le paramètre ExtendedStatus est activé.

Solution

Les versions 2.2.6 et 2.0.61 corrigent ces problèmes.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Serveur Apache versions 2.2.x et 2.0.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de version Apache	None	vendor-advisory
Bulletin de sécurité Avaya du 17 août 2007 :	-	other
Bulletins de sécurité IBM du 04 septembre 2007 :	-	other
Bulletins de sécurité IBM du 04 septembre 2007 :	-	other
Bulletins de sécurité IBM du 04 septembre 2007 :	-	other
Bulletins de sécurité IBM du 04 septembre 2007 :	-	other
Bulletin de sécurité Avaya du 17 août 2007 :	-	other
Bulletin de sécurité Avaya du 17 août 2007 :	-	other
Bulletin de sécurité Red Hat RHSA-2007:0533 du 26 juin 2007 :	-	other
Bulletin de sécurité HP-UX HPSBUX02262 SSRT071447 du 08 octobre 2007 :	-	other
Bulletin de sécurité Ubuntu USN-499-1 du 16 août 2007 :	-	other
Bulletins de sécurité IBM du 04 septembre 2007 :	-	other
Bulletins de version Apache du 07 septembre 2007 :	-	other
Bulletin de sécurité Red Hat RHSA-2007:0534 du 26 juin 2007 :	-	other
Bulletins de version Apache du 07 septembre 2007 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:140 du 04 juillet 2007 :	-	other
Bulletin de sécurité Gentoo GLSA-200711-06 du 07 novembre 2007 :	-	other
Bulletin de sécurité Red Hat RHSA-2007:0556 du 26 juin 2007 :	-	other
Bulletins de sécurité IBM du 04 septembre 2007 :	-	other
Bulletin de sécurité HP-UX HPSBUX02273 SSRT071476 du 12 octobre 2007 :	-	other
Bulletin de sécurité Red Hat RHSA-2007:0662 du 13 juillet 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eServeur \u003cSPAN class=\n  \"textit\"\u003eApache\u003c/SPAN\u003e versions 2.2.x et 2.0.x.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s affectent le serveur web Apache :\n\n-   une erreur dans la fonction recall_headers du module mod_mem_cache\n    permet \u00e0 un utilisateur malintentionn\u00e9 d\u0027acc\u00e9der \u00e0 des informations\n    qui peuvent \u00eatre sensibles ;\n-   une erreur dans le module mod_cache se traduit par l\u0027arr\u00eat inopin\u00e9\n    (crash) d\u0027un processus fils lors du traitement de certaines\n    requ\u00eates. Cette erreur permet \u00e0 un utilisateur malintentionn\u00e9 de\n    provoquer un d\u00e9ni de service \u00e0 distance ;\n-   le serveur HTTP ne v\u00e9rifie pas qu\u0027un processus est un processus fils\n    Apache avant de lui envoyer un signal. Cette absence de v\u00e9rification\n    permet \u00e0 un utilisateur local malintentionn\u00e9, dans certaines\n    conditions, de provoquer un d\u00e9ni de service ;\n-   une erreur dans le module mod_proxy est exploitable par un\n    utilisateur malintentionn\u00e9 pour provoquer, dans certaines\n    circonstances, un d\u00e9ni de service \u00e0 distance ;\n-   une erreur dans le module mod_status permet \u00e0 un utilisateur\n    malintentionn\u00e9 de r\u00e9aliser de l\u0027injection de code indirecte (cross\n    site scripting) si la page d\u0027\u00e9tat du serveur est publique et si le\n    param\u00e8tre ExtendedStatus est activ\u00e9.\n\n## Solution\n\nLes versions 2.2.6 et 2.0.61 corrigent ces probl\u00e8mes.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-3847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3847"
    },
    {
      "name": "CVE-2007-5752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5752"
    },
    {
      "name": "CVE-2007-1862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1862"
    },
    {
      "name": "CVE-2007-3304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3304"
    },
    {
      "name": "CVE-2007-1863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1863"
    }
  ],
  "initial_release_date": "2007-09-13T00:00:00",
  "last_revision_date": "2007-11-08T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Avaya du 17 ao\u00fbt 2007 :",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-353.htm"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 IBM du 04 septembre 2007 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK49295"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 IBM du 04 septembre 2007 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK50469"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 IBM du 04 septembre 2007 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK49355"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 IBM du 04 septembre 2007 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Avaya du 17 ao\u00fbt 2007 :",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-351.htm"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Avaya du 17 ao\u00fbt 2007 :",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-363.htm"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2007:0533 du 26 juin 2007    :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0533.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP-UX HPSBUX02262 SSRT071447 du 08    octobre 2007 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-499-1 du 16 ao\u00fbt 2007 :",
      "url": "http://www.ubuntu.com/usn/usn-499-1"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 IBM du 04 septembre 2007 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK50467"
    },
    {
      "title": "Bulletins de version Apache du 07 septembre 2007 :",
      "url": "http://httpd.apache.org/security/vulnerabilities_20.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2007:0534 du 26 juin 2007    :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0534.html"
    },
    {
      "title": "Bulletins de version Apache du 07 septembre 2007 :",
      "url": "http://httpd.apache.org/security/vulnerabilities_22.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:140 du 04 juillet    2007 :",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:140"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200711-06 du 07 novembre    2007 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-06.xml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2007:0556 du 26 juin 2007    :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0556.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 IBM du 04 septembre 2007 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK53984"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP-UX HPSBUX02273 SSRT071476 du 12    octobre 2007 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2007:0662 du 13 juillet    2007 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0662.html"
    }
  ],
  "reference": "CERTA-2007-AVI-402",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-09-13T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Gentoo.",
      "revision_date": "2007-11-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s du serveur web \u003cspan\nclass=\"textit\"\u003eApache\u003c/span\u003e permettent \u00e0 un utilisateur malintentionn\u00e9\nde provoquer un d\u00e9ni de service \u00e0 distance, de r\u00e9aliser de l\u0027injection\nde code indirecte et d\u0027acc\u00e9der \u00e0 des informations sensibles.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s de Apache",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de version Apache",
      "url": null
    }
  ]
}

gsd-2007-5752

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-5752

Aliases

CVE-2007-5752

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-5752",
    "description": "adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account with admin (userlevel 4) privileges.",
    "id": "GSD-2007-5752"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-5752"
      ],
      "details": "adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account with admin (userlevel 4) privileges.",
      "id": "GSD-2007-5752",
      "modified": "2023-12-13T01:21:41.446414Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-5752",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account with admin (userlevel 4) privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "phpagtc-adduser-security-bypass(38173)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38173"
          },
          {
            "name": "3326",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3326"
          },
          {
            "name": "27430",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27430"
          },
          {
            "name": "26255",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/26255"
          },
          {
            "name": "20071028 AGTC-Membership system v1.1a (adduser) Remote Add Admin Exploit",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/482919/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:agtc_websolutions:php-agtc_membership_system:1.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5752"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account with admin (userlevel 4) privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "27430",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27430"
            },
            {
              "name": "26255",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/26255"
            },
            {
              "name": "3326",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/3326"
            },
            {
              "name": "phpagtc-adduser-security-bypass(38173)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38173"
            },
            {
              "name": "20071028 AGTC-Membership system v1.1a (adduser) Remote Add Admin Exploit",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/482919/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-15T21:46Z",
      "publishedDate": "2007-10-31T17:46Z"
    }
  }
}

fkie_cve-2007-5752

Vulnerability from fkie_nvd

Published

2007-10-31 17:46

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/27430	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/3326
cve@mitre.org	http://www.securityfocus.com/archive/1/482919/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/26255
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/38173
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27430	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3326
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/482919/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26255
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/38173

Impacted products

	Vendor	Product	Version
	agtc_websolutions	php-agtc_membership_system	1.1a

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:agtc_websolutions:php-agtc_membership_system:1.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "200C25A8-AF80-448E-B237-8E0922BFD4A3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account with admin (userlevel 4) privileges."
    },
    {
      "lang": "es",
      "value": "adduser.php de PHP-AGTC Membership (AGTC-Membership) Syste 1.1.a no requiere autenticaci\u00f3n, lo cual permite a atacantes remotos crear cuentas mediante un formulario modificado, como se ha demostrado con una cuenta con privilegios de administraci\u00f3n (userlevel 4)."
    }
  ],
  "id": "CVE-2007-5752",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-10-31T17:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27430"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3326"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/482919/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26255"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27430"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3326"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/482919/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26255"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38173"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-wcx7-w66c-fc49

Vulnerability from github

Published

2022-05-01 18:36

Modified

2022-05-01 18:36

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-5752"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-10-31T17:46:00Z",
    "severity": "HIGH"
  },
  "details": "adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account with admin (userlevel 4) privileges.",
  "id": "GHSA-wcx7-w66c-fc49",
  "modified": "2022-05-01T18:36:33Z",
  "published": "2022-05-01T18:36:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5752"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38173"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27430"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3326"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/482919/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26255"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-5752 (GCVE-0-2007-5752)

Vulnerability from cvelistv5

CERTA-2007-AVI-402

Vulnerability from certfr_avis

Description

Solution

gsd-2007-5752

Vulnerability from gsd

fkie_cve-2007-5752

Vulnerability from fkie_nvd

ghsa-wcx7-w66c-fc49

Vulnerability from github

Tags

Sightings

Nomenclature