Lucene search

[email protected]CVE-2007-1341

HistoryMar 08, 2007 - 10:19 p.m.

CVE-2007-1341

2007-03-0822:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-1341

simple invoices

auth.php

security vulnerability

sensitive information

nvd

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

73.8%

JSON

include/auth/auth.php in Simple Invoices before 2007 03 05 does not use the login system to protect print preview pages for invoices, which might allow attackers to obtain sensitive information.

CPENameOperatorVersion
simple_invoices:simple_invoicessimple invoiceseq2006-12-11
simple_invoices:simple_invoicessimple invoiceseq2007-02-02
simple_invoices:simple_invoicessimple invoiceseq2007-01-25

CPE	Name	Operator	Version
simple_invoices:simple_invoices	simple invoices	eq	2006-12-11
simple_invoices:simple_invoices	simple invoices	eq	2007-02-02
simple_invoices:simple_invoices	simple invoices	eq	2007-01-25

References

code.google.com/p/simpleinvoices/issues/detail?id=35

forum.tufat.com/showthread.php?p=116753#post116753

osvdb.org/33860

secunia.com/advisories/24402

www.securityfocus.com/bid/22818

sourceforge.net/project/shownotes.php?group_id=164303&release_id=491300

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

73.8%

JSON

Related for CVE-2007-1341

prion1 securityvulns1