Lucene search

[email protected]CVE-2007-5129

HistorySep 27, 2007 - 7:17 p.m.

CVE-2007-5129

2007-09-2719:17:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2007-5129

simpgb 1.46.02

web security

access control

sensitive information

remote attack

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

80.4%

JSON

SimpGB 1.46.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain sensitive configuration information via a direct request for admin/cfginfo.php; and (2) download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc.

Affected configurations

NVD

Node

boesch-itsimpgbMatch1.46.02

CPENameOperatorVersion
boesch-it:simpgbboesch-it simpgbeq1.46.02

CPE	Name	Operator	Version
boesch-it:simpgb	boesch-it simpgb	eq	1.46.02

References

forum.boesch-it.de/viewtopic.php?t=2790

osvdb.org/40612

osvdb.org/40613

secunia.com/advisories/26974

www.netvigilance.com/advisory0065

www.netvigilance.com/advisory0066

www.securityfocus.com/archive/1/480590/100/0/threaded

www.securityfocus.com/archive/1/480592/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/36776

exchange.xforce.ibmcloud.com/vulnerabilities/36777

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

80.4%

JSON

Related for CVE-2007-5129

cvelist1 nvd1 prion1