CVE-2007-0375 - OpenCVE

Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Joomla	Joomla

Configuration 1 [-]

cpe:2.3:a:joomla:joomla:1.5.0_beta:*:*:*:*:*:*:*

References

Link	Resource
http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html	Exploit Vendor Advisory
http://osvdb.org/32522
http://osvdb.org/32523
http://osvdb.org/32524
http://osvdb.org/32525
http://osvdb.org/32526
http://www.hackers.ir/advisories/festival.txt	Vendor Advisory
http://www.securityfocus.com/archive/1/459203/100/0/threaded

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-01-19T23:00:00

Updated: 2018-10-16T14:57:01

Reserved: 2007-01-19T00:00:00

Link: CVE-2007-0375

JSON object: View

NVD Information

Status : Modified

Published: 2007-01-19T23:28:00.000

Modified: 2018-10-16T16:32:25.603

Link: CVE-2007-0375

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-18T00:00:00", "descriptions": [{"lang": "en", "value": "Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "32522", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/32522"}, {"name": "20070118 The vulnerabilities festival !", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html"}, {"name": "32526", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/32526"}, {"name": "32525", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/32525"}, {"name": "20070204 Sql injection bugs in Joomla and Mambo", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/459203/100/0/threaded"}, {"name": "32523", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/32523"}, {"name": "32524", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/32524"}, {"tags": ["x_refsource_MISC"], "url": "http://www.hackers.ir/advisories/festival.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0375", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "32522", "refsource": "OSVDB", "url": "http://osvdb.org/32522"}, {"name": "20070118 The vulnerabilities festival !", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html"}, {"name": "32526", "refsource": "OSVDB", "url": "http://osvdb.org/32526"}, {"name": "32525", "refsource": "OSVDB", "url": "http://osvdb.org/32525"}, {"name": "20070204 Sql injection bugs in Joomla and Mambo", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/459203/100/0/threaded"}, {"name": "32523", "refsource": "OSVDB", "url": "http://osvdb.org/32523"}, {"name": "32524", "refsource": "OSVDB", "url": "http://osvdb.org/32524"}, {"name": "http://www.hackers.ir/advisories/festival.txt", "refsource": "MISC", "url": "http://www.hackers.ir/advisories/festival.txt"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0375", "datePublished": "2007-01-19T23:00:00", "dateReserved": "2007-01-19T00:00:00", "dateUpdated": "2018-10-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:joomla:joomla:1.5.0_beta:*:*:*:*:*:*:*", "matchCriteriaId": "16F243A8-5513-4BB7-AB55-5A715D5AE546", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script."}, {"lang": "es", "value": "Joomla! 1.5.0 Beta permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de respuesta directa para (1) plugins/user/example.php; (2) gmail.php, (3) example.php, o (4) ldap.php en plugins/authentication/; (5) modules/mod_mainmenu/menu.php; u otros scripts PHP no especificados, lo cual revela la ruta en varios mensajes de error, relacionado con la llamada a la funci\u00f3n jimport al inicio de cada script."}], "id": "CVE-2007-0375", "lastModified": "2018-10-16T16:32:25.603", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-01-19T23:28:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/32522"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/32523"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/32524"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/32525"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/32526"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.hackers.ir/advisories/festival.txt"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/459203/100/0/threaded"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}