Search...

CVE-2007-0597

2007-01-30T13:28:00

ID CVE-2007-0597
Type cve
Reporter NVD
Modified 2008-11-13T01:32:24

Description

Aztek Forum 4.00 allows remote attackers to obtain sensitive information via a direct request to forum.php with the fid=XD query string, which reveals the path in an error message.

JSON Vulners Source

Initial Source

{"href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0597", "history": [], "references": ["http://acid-root.new.fr/poc/21070125.txt", "http://www.securityfocus.com/archive/1/archive/1/458123/100/0/threaded", "http://www.securityfocus.com/archive/1/archive/1/458076/100/0/threaded"], "lastseen": "2016-09-03T08:21:51", "bulletinFamily": "NVD", "title": "CVE-2007-0597", "cpe": ["cpe:/a:aztek_forum:aztek_forum:4.0"], "viewCount": 0, "id": "CVE-2007-0597", "hash": "3c5d2775b72f85073727ea830aa1ae187bc55a3fcaf272c915d73a6ec4ce4926", "description": "Aztek Forum 4.00 allows remote attackers to obtain sensitive information via a direct request to forum.php with the fid=XD query string, which reveals the path in an error message.", "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "cvelist": ["CVE-2007-0597"], "scanner": [], "modified": "2008-11-13T01:32:24", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "objectVersion": "1.2", "reporter": "NVD", "type": "cve", "published": "2007-01-30T13:28:00", "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2016-09-03T08:21:51"}, "vulnersScore": 5.0}}

{"osvdb": [{"lastseen": "2017-04-28T13:20:29", "references": [], "description": "# No description provided by the source\n\n## References:\n[Related OSVDB ID: 33593](https://vulners.com/osvdb/OSVDB:33593)\n[Related OSVDB ID: 33596](https://vulners.com/osvdb/OSVDB:33596)\n[Related OSVDB ID: 33595](https://vulners.com/osvdb/OSVDB:33595)\n[Related OSVDB ID: 33597](https://vulners.com/osvdb/OSVDB:33597)\nOther Advisory URL: http://acid-root.new.fr/poc/21070125.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0582.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0595.html\n[CVE-2007-0597](https://vulners.com/cve/CVE-2007-0597)\n", "edition": 1, "reporter": "OSVDB", "published": "2007-01-25T03:56:02", "title": "Aztek Forum forum.php fid Variable Path Disclosure", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-0597"], "modified": "2007-01-25T03:56:02", "href": "https://vulners.com/osvdb/OSVDB:33594", "id": "OSVDB:33594", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:22", "references": ["https://vulners.com/securityvulns/securityvulns:doc:15861", "https://vulners.com/securityvulns/securityvulns:doc:15860", "https://vulners.com/securityvulns/securityvulns:doc:15856", "https://vulners.com/securityvulns/securityvulns:doc:15854", "https://vulners.com/securityvulns/securityvulns:doc:15869", "https://vulners.com/securityvulns/securityvulns:doc:15868", "https://vulners.com/securityvulns/securityvulns:doc:15866", "https://vulners.com/securityvulns/securityvulns:doc:15862", "https://vulners.com/securityvulns/securityvulns:doc:15865", "https://vulners.com/securityvulns/securityvulns:doc:15867", "https://vulners.com/securityvulns/securityvulns:doc:15855", "https://vulners.com/securityvulns/securityvulns:doc:15863", "https://vulners.com/securityvulns/securityvulns:doc:15864"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "reporter": " ", "published": "2007-01-25T00:00:00", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:22", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Aztek Forum", "version": "4.1", "operator": "eq"}, {"name": "ASP EDGE", "version": "1.2", "operator": "eq"}, {"name": "Drupal Project Module", "version": "4.7", "operator": "eq"}, {"name": "Community Server", "version": "2.1", "operator": "eq"}, {"name": "ezDatabase", "version": "2.1", "operator": "eq"}, {"name": "GPS", "version": "1.2", "operator": "eq"}, {"name": "Shopping Basket Professional", "version": "7.50", "operator": "eq"}, {"name": "uniForum", "version": "4", "operator": "eq"}, {"name": "Siteman", "version": "1.1", "operator": "eq"}, {"name": "Drupal Project issue tracking Module", "version": "4.7", "operator": "eq"}, {"name": "CGI Rescue WebFORM", "version": "4.3", "operator": "eq"}, {"name": "Xero Portal", "version": "1.2", "operator": "eq"}, {"name": "WordPress", "version": "2.1", "operator": "eq"}, {"name": "Siteman", "version": "2.0", "operator": "eq"}], "cvelist": ["CVE-2007-0226", "CVE-2007-0595", "CVE-2007-0540", "CVE-2007-0600", "CVE-2007-0599", "CVE-2007-0554", "CVE-2007-0594", "CVE-2007-0534", "CVE-2007-0506", "CVE-2007-0593", "CVE-2007-0861", "CVE-2007-0601", "CVE-2007-0592", "CVE-2007-0541", "CVE-2007-0597", "CVE-2007-0547", "CVE-2007-0505", "CVE-2007-0538", "CVE-2007-0539", "CVE-2007-0632", "CVE-2007-0598", "CVE-2007-0596", "CVE-2007-0565"], "modified": "2007-01-25T00:00:00", "id": "SECURITYVULNS:VULN:7108", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7108", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}