CVE-2007-3651

2022-10-0316:14:21

mitre

www.cve.org

farsi script

faname 1.0

information disclosure

remote attack

6.1 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.0%

JSON

class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to obtain sensitive information via a '; (quote semicolon) sequence in the id parameter, which reveals the installation path in an error message.

References

descriptions.securescout.com/tc/17971

www.netvigilance.com/advisory0041