Lucene search

[email protected]CVE-2007-0880

HistoryFeb 12, 2007 - 8:28 p.m.

CVE-2007-0880

2007-02-1220:28:00

[email protected]

web.nvd.nist.gov

cve-2007-0880

capital request forms

access control

database credentials

information security

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.9%

JSON

Capital Request Forms stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for inc/common_db.inc.

Affected configurations

NVD

Node

capital_request_formscapital_request_forms

CPENameOperatorVersion
capital_request_forms:capital_request_formscapital request formseq*

CPE	Name	Operator	Version
capital_request_forms:capital_request_forms	capital request forms	eq	*

References

osvdb.org/33682

www.securityfocus.com/archive/1/459574/100/0/threaded

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.9%

JSON

Related for CVE-2007-0880

cvelist1 nvd1 prion1 securityvulns1