Lucene search

MitreCVE-2007-2100

HistoryApr 18, 2007 - 10:19 a.m.

CVE-2007-2100

2007-04-1810:19:00

mitre

web.nvd.nist.gov

cve-2007-2100

fac guestbook 2.0

sensitive information

web root

access control

remote attackers

database download

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.3

Confidence

Low

EPSS

0.011

Percentile

84.5%

JSON

FAC Guestbook 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/Gdb.mdb.

Affected configurations

Nvd

Node

fac_guestbookfac_guestbookMatch2.0

VendorProductVersionCPE
fac_guestbookfac_guestbook2.0cpe:2.3:a:fac_guestbook:fac_guestbook:2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fac_guestbook	fac_guestbook	2.0	cpe:2.3:a:fac_guestbook:fac_guestbook:2.0:::::::*

References

secunia.com/advisories/24872

securityreason.com/securityalert/2570

www.securityfocus.com/archive/1/465544/100/0/threaded

www.securityfocus.com/bid/23441

exchange.xforce.ibmcloud.com/vulnerabilities/33600

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.3

Confidence

Low

EPSS

0.011

Percentile

84.5%

JSON

Related for CVE-2007-2100