Lucene search
MitreCVE-2007-0091HistoryJan 05, 2007 - 6:28 p.m.
CVE-2007-0091
2007-01-0518:28:00
mitre
web.nvd.nist.gov
27
cve-2007-0091
newscmslite
sensitive information
web root
access control
remote attackers
database
nvd
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.3
Confidence
Low
EPSS
0.042
Percentile
92.3%
newsCMSlite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for newsCMS.mdb.
Affected configurations
Node
katy_whitton_web_developmentnewscmslite
| Vendor | Product | Version | CPE |
|---|---|---|---|
| katy_whitton_web_development | newscmslite | * | cpe:2.3:a:katy_whitton_web_development:newscmslite:*:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2007-0091
2007-01-05 18:28:00
prion
prion
Improper access control
2007-01-05 18:28:00
exploitdb
exploitdb
NewsCMSLite - 'newsCMS.mdb' Remote Password Disclosure
2007-01-01 00:00:00
cvelist
cvelist
CVE-2007-0091
2007-01-05 18:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.3
Confidence
Low
EPSS
0.042
Percentile
92.3%
Related for CVE-2007-0091