CVE-2007-0192

Published: Jan 12, 2007Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in the save_main operation in the ad_perms section in admin.php in MKPortal allows remote attackers to modify privilege settings, as demonstrated using a getURL of admin.php within a .swf file contained in an IFRAME element, aka the "All Guests are Admin" attack.

Affected (1)

Products: Mkportal: Mkportal

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mkportal Mkportal	All versions

References (6)

http://osvdb.org/33400

Source: cve@mitre.org

http://securityreason.com/securityalert/2137

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/455894/100/100/threaded

Source: cve@mitre.org

http://osvdb.org/33400

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/2137

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/455894/100/100/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.