Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4873

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2007-4873
Last Modified 15 Nov 2008 01:58:50
Published 27 Sep 2007 03:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4873

Summary

SimpNews 2.41.03 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc.

Vulnerable Systems

Application

  • Simplenews 2.41.03


References

BUGTRAQ - 20070925 SimpNews version 2.41.03 File Content Disclosure Vulnerability

MISC - http://www.netvigilance.com/advisory0069

OSVDB - 45479

CONFIRM - http://forum.boesch-it.de/viewtopic.php?t=2791

XF - simpnews-dbtables-information-disclosure(36778)

SREASON - 3173


Last Updated: 27 May 2016 10:45:58