Lucene search

K
nvd[email protected]NVD:CVE-2007-1605
HistoryMar 22, 2007 - 11:19 p.m.

CVE-2007-1605

2007-03-2223:19:00
web.nvd.nist.gov
8
web-agora
sensitive information
request parameters

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

0.007

Percentile

80.7%

w-Agora (Web-Agora) allows remote attackers to obtain sensitive information via a request to rss.php with an invalid (1) site or (2) bn parameter, (3) a certain value of the site[] parameter, or (4) an empty value of the bn[] parameter; a request to index.php with a certain value of the (5) site[] or (6) sort[] parameter; (7) a request to profile.php with an empty value of the site[] parameter; or a request to search.php with (8) an empty value of the bn[] parameter or a certain value of the (9) pattern[] or (10) search_date[] parameter, which reveal the path in various error messages, probably related to variable type inconsistencies. NOTE: the bn[] parameter to index.php is already covered by CVE-2007-0606.1.

Affected configurations

Nvd
Node
w-agoraw-agoraMatch4.2.1
VendorProductVersionCPE
w-agoraw-agora4.2.1cpe:2.3:a:w-agora:w-agora:4.2.1:*:*:*:*:*:*:*

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

0.007

Percentile

80.7%

Related for NVD:CVE-2007-1605