CVE-2007-0607

Опубликовано: 20 мар. 2007

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores globals.inc under the web document root with insufficient access control, which allows remote attackers to obtain application path information via a direct request.

Ссылки

http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/053054.html
http://securityreason.com/securityalert/2465
http://www.netvigilance.com/advisory0015
Exploit
Vendor Advisory
http://www.osvdb.org/31670
http://www.securityfocus.com/archive/1/463215/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/33073
http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/053054.html
http://securityreason.com/securityalert/2465
http://www.netvigilance.com/advisory0015
Exploit
Vendor Advisory
http://www.osvdb.org/31670
http://www.securityfocus.com/archive/1/463215/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/33073

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:w-agora:w-agora:4.2.1:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00507

Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-rrwv-jg76-62hq

github

почти 4 года назад