Lucene search

[email protected]CVE-2007-5128

HistorySep 27, 2007 - 7:17 p.m.

CVE-2007-5128

2007-09-2719:17:00

CWE-20

[email protected]

web.nvd.nist.gov

simpnews

windows

cve-2007-5128

php 5.0.0

remote attackers

sensitive information

unsupported argument type

nvd

7.1 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

75.4%

JSON

SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via an certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows.

CPENameOperatorVersion
boesch-it:simpnewsboesch-it simpnewseq2.41.03
php:phpphple5.0.0

CPE	Name	Operator	Version
boesch-it:simpnews	boesch-it simpnews	eq	2.41.03
php:php	php	le	5.0.0

References

forum.boesch-it.de/viewtopic.php?t=2791

securityreason.com/securityalert/3174

www.netvigilance.com/advisory0068

www.securityfocus.com/archive/1/480588/100/0/threaded

7.1 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

75.4%

JSON

Related for CVE-2007-5128

cvelist1 prion1