ID CVE-2007-0597Type cveReporter NVDModified 2018-10-16T12:33:31
Description
Aztek Forum 4.00 allows remote attackers to obtain sensitive information via a direct request to forum.php with the fid=XD query string, which reveals the path in an error message.
{"id": "CVE-2007-0597", "bulletinFamily": "NVD", "title": "CVE-2007-0597", "description": "Aztek Forum 4.00 allows remote attackers to obtain sensitive information via a direct request to forum.php with the fid=XD query string, which reveals the path in an error message.", "published": "2007-01-30T13:28:00", "modified": "2018-10-16T12:33:31", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0597", "reporter": "NVD", "references": ["http://acid-root.new.fr/poc/21070125.txt", "http://www.securityfocus.com/archive/1/458076/100/0/threaded", "http://www.securityfocus.com/archive/1/458123/100/0/threaded"], "cvelist": ["CVE-2007-0597"], "type": "cve", "lastseen": "2018-10-18T15:06:07", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:aztek_forum:aztek_forum:4.0"], "cvelist": ["CVE-2007-0597"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "Aztek Forum 4.00 allows remote attackers to obtain sensitive information via a direct request to forum.php with the fid=XD query string, which reveals the path in an error message.", "edition": 1, "enchantments": {"score": {"modified": "2016-09-03T08:21:51", "value": 5.0, "vector": "NONE"}}, "hash": "70f3bc57d86eb17ed255a4b75323f57da5ad6498fe4f1bf21636cde301ae41a3", "hashmap": [{"hash": "5460b17eb083906b1e329d5c7d87460e", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "e3d408dd5b1ce5bfeac3cfbe677f675d", "key": "published"}, {"hash": "9c68b9802cee204a4f005a3b0906d68f", "key": "title"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "054b4019beb26ebdd067a4d22895aeeb", "key": "cvelist"}, {"hash": "161925dd9a42e2f5937e6f9264b6e87c", "key": "references"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "a792e2393dff1e200b885c5245988f6f", "key": "cvss"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "db80c926bddbd9e7b188e0d7828a609d", "key": "modified"}, {"hash": "6281e711bbb4668a704797933aa3fee0", "key": "cpe"}, {"hash": "622d2cfd79f027f762107f0cecd9b67e", "key": "description"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0597", "id": "CVE-2007-0597", "lastseen": "2016-09-03T08:21:51", "modified": "2008-11-13T01:32:24", "objectVersion": "1.2", "published": "2007-01-30T13:28:00", "references": ["http://acid-root.new.fr/poc/21070125.txt", "http://www.securityfocus.com/archive/1/archive/1/458123/100/0/threaded", "http://www.securityfocus.com/archive/1/archive/1/458076/100/0/threaded"], "reporter": "NVD", "scanner": [], "title": "CVE-2007-0597", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T08:21:51"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "6281e711bbb4668a704797933aa3fee0"}, {"key": "cvelist", "hash": "054b4019beb26ebdd067a4d22895aeeb"}, {"key": "cvss", "hash": "a792e2393dff1e200b885c5245988f6f"}, {"key": "description", "hash": "622d2cfd79f027f762107f0cecd9b67e"}, {"key": "href", "hash": "5460b17eb083906b1e329d5c7d87460e"}, {"key": "modified", "hash": "25890660d4abcc6aa9dec0bed837dae4"}, {"key": "published", "hash": "e3d408dd5b1ce5bfeac3cfbe677f675d"}, {"key": "references", "hash": "3ee5330c7e2ee4dd1322b3b08060a63d"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "9c68b9802cee204a4f005a3b0906d68f"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "14816e41ee71af41d2dcfd0a06e36ed7d4cf0fd3823f242bc3a833d56dd78936", "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2018-10-18T15:06:07"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "cpe": ["cpe:/a:aztek_forum:aztek_forum:4.0"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"osvdb": [{"lastseen": "2017-04-28T13:20:29", "references": [], "description": "# No description provided by the source\n\n## References:\n[Related OSVDB ID: 33593](https://vulners.com/osvdb/OSVDB:33593)\n[Related OSVDB ID: 33596](https://vulners.com/osvdb/OSVDB:33596)\n[Related OSVDB ID: 33595](https://vulners.com/osvdb/OSVDB:33595)\n[Related OSVDB ID: 33597](https://vulners.com/osvdb/OSVDB:33597)\nOther Advisory URL: http://acid-root.new.fr/poc/21070125.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0582.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0595.html\n[CVE-2007-0597](https://vulners.com/cve/CVE-2007-0597)\n", "edition": 1, "reporter": "OSVDB", "published": "2007-01-25T03:56:02", "title": "Aztek Forum forum.php fid Variable Path Disclosure", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-0597"], "modified": "2007-01-25T03:56:02", "href": "https://vulners.com/osvdb/OSVDB:33594", "id": "OSVDB:33594", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:22", "references": ["https://vulners.com/securityvulns/securityvulns:doc:15861", "https://vulners.com/securityvulns/securityvulns:doc:15860", "https://vulners.com/securityvulns/securityvulns:doc:15856", "https://vulners.com/securityvulns/securityvulns:doc:15854", "https://vulners.com/securityvulns/securityvulns:doc:15869", "https://vulners.com/securityvulns/securityvulns:doc:15868", "https://vulners.com/securityvulns/securityvulns:doc:15866", "https://vulners.com/securityvulns/securityvulns:doc:15862", "https://vulners.com/securityvulns/securityvulns:doc:15865", "https://vulners.com/securityvulns/securityvulns:doc:15867", "https://vulners.com/securityvulns/securityvulns:doc:15855", "https://vulners.com/securityvulns/securityvulns:doc:15863", "https://vulners.com/securityvulns/securityvulns:doc:15864"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "reporter": " ", "published": "2007-01-25T00:00:00", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:22", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Aztek Forum", "version": "4.1", "operator": "eq"}, {"name": "ASP EDGE", "version": "1.2", "operator": "eq"}, {"name": "Drupal Project Module", "version": "4.7", "operator": "eq"}, {"name": "Community Server", "version": "2.1", "operator": "eq"}, {"name": "ezDatabase", "version": "2.1", "operator": "eq"}, {"name": "GPS", "version": "1.2", "operator": "eq"}, {"name": "Shopping Basket Professional", "version": "7.50", "operator": "eq"}, {"name": "uniForum", "version": "4", "operator": "eq"}, {"name": "Siteman", "version": "1.1", "operator": "eq"}, {"name": "Drupal Project issue tracking Module", "version": "4.7", "operator": "eq"}, {"name": "CGI Rescue WebFORM", "version": "4.3", "operator": "eq"}, {"name": "Xero Portal", "version": "1.2", "operator": "eq"}, {"name": "WordPress", "version": "2.1", "operator": "eq"}, {"name": "Siteman", "version": "2.0", "operator": "eq"}], "cvelist": ["CVE-2007-0226", "CVE-2007-0595", "CVE-2007-0540", "CVE-2007-0600", "CVE-2007-0599", "CVE-2007-0554", "CVE-2007-0594", "CVE-2007-0534", "CVE-2007-0506", "CVE-2007-0593", "CVE-2007-0861", "CVE-2007-0601", "CVE-2007-0592", "CVE-2007-0541", "CVE-2007-0597", "CVE-2007-0547", "CVE-2007-0505", "CVE-2007-0538", "CVE-2007-0539", "CVE-2007-0632", "CVE-2007-0598", "CVE-2007-0596", "CVE-2007-0565"], "modified": "2007-01-25T00:00:00", "id": "SECURITYVULNS:VULN:7108", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7108", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
