CVE-2007-6398

Flat PHP Board <1.2 - Auth Bypass

Title source: llm

Description

Flat PHP Board 1.2 and earlier allows remote attackers to bypass authentication and obtain limited access to an arbitrary user account via the fpb_username cookie.

Exploits (1)

exploitdb WORKING POC VERIFIED

by KiNgOfThEwOrLd · textwebappsphp

https://www.exploit-db.com/exploits/4705

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://osvdb.org/43678

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/484803/100/100/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/26782

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4705

Scores

EPSS 0.0311

EPSS Percentile 86.6%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

flat_php/board < 1.2

Timeline

Published Dec 17, 2007

Tracked Since Feb 18, 2026