CVE-2007-6414

Adult Script <1.6 - Auth Bypass

Title source: llm

Description

admin/administrator.php in Adult Script 1.6 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication and obtain administrative credentials via a direct request. NOTE: this can be leveraged for arbitrary code execution through a request to admin/videolinks_view.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Liz0ziM · phpwebappsphp

https://www.exploit-db.com/exploits/4731

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://secunia.com/advisories/28064

[Exploit] http://www.securityfocus.com/bid/26870

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/39034

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4731

Scores

EPSS 0.0338

EPSS Percentile 87.4%

Details

CWE

CWE-255

Status published

Products (1)

adultscript/adultscript 1.6

Published Dec 17, 2007

Tracked Since Feb 18, 2026