CVE-2007-4873

Опубликовано: 27 сент. 2007

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

SimpNews 2.41.03 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc.

Ссылки

http://forum.boesch-it.de/viewtopic.php?t=2791
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/066056.html
http://osvdb.org/45479
http://securityreason.com/securityalert/3173
http://www.netvigilance.com/advisory0069
Vendor Advisory
http://www.securityfocus.com/archive/1/480601/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/36778
http://forum.boesch-it.de/viewtopic.php?t=2791
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/066056.html
http://osvdb.org/45479
http://securityreason.com/securityalert/3173
http://www.netvigilance.com/advisory0069
Vendor Advisory
http://www.securityfocus.com/archive/1/480601/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/36778

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:simplenews:simplenews:2.41.03:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00508

Низкий

5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-8xmm-2h7f-547x

github

почти 4 года назад