Lucene search

[email protected]CVE-2007-0518

HistoryJan 26, 2007 - 1:28 a.m.

CVE-2007-0518

2007-01-2601:28:00

[email protected]

web.nvd.nist.gov

smart php subscriber

vulnerability

remote attackers

encoded passwords

access control

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.039 Low

EPSS

Percentile

92.0%

JSON

Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain encoded passwords via a direct request for pwd.txt.

Affected configurations

NVD

Node

scriptsezsmart_php_subscriber

CPENameOperatorVersion
scriptsez:smart_php_subscriberscriptsez smart php subscribereq*

CPE	Name	Operator	Version
scriptsez:smart_php_subscriber	scriptsez smart php subscriber	eq	*

References

osvdb.org/32946

secunia.com/advisories/23886

securityreason.com/securityalert/2183

www.securityfocus.com/archive/1/457852/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/31701

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.039 Low

EPSS

Percentile

92.0%

JSON

Related for CVE-2007-0518

prion1 nvd1 cvelist1 securityvulns1