Lucene search

K
cve[email protected]CVE-2007-0518
HistoryJan 26, 2007 - 1:28 a.m.

CVE-2007-0518

2007-01-2601:28:00
web.nvd.nist.gov
19
smart php subscriber
vulnerability
remote attackers
encoded passwords
access control

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.039 Low

EPSS

Percentile

92.0%

Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain encoded passwords via a direct request for pwd.txt.

Affected configurations

NVD
Node
scriptsezsmart_php_subscriber

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.039 Low

EPSS

Percentile

92.0%

Related for CVE-2007-0518