exploitDog

CVE-2007-6470

Опубликовано: 20 дек. 2007

Источник: nvd

CVSS2: 6.4

EPSS Низкий

Описание

phpRPG 0.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read session ID values in files under tmp/, and then hijack sessions via PHPSESSID cookies.

Ссылки

http://marc.info/?l=bugtraq&m=119774326804168&w=2
http://secunia.com/advisories/27968
Vendor Advisory
http://www.securityfocus.com/bid/26884
Exploit
http://marc.info/?l=bugtraq&m=119774326804168&w=2
http://secunia.com/advisories/27968
Vendor Advisory
http://www.securityfocus.com/bid/26884
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phprpg:phprpg:0.8:*:*:*:*:*:*:*

EPSS

Процентиль: 86%

0.03011

Низкий

6.4 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-pq5g-gg66-p9cr

github

почти 4 года назад

phpRPG 0.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read session ID values in files under tmp/, and then hijack sessions via PHPSESSID cookies.

EPSS

Процентиль: 86%

0.03011

Низкий

6.4 Medium

CVSS2

Дефекты

CWE-264