Zomplog 3.8.1 and earlier stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to download files that were uploaded by users, as demonstrated by obtaining a directory listing via a direct request to /upload and then retrieving individual files. NOTE: in a non-default configuration, the directory listing is denied, but filenames may be predicable.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/25861 | Exploit Patch |
https://www.exploit-db.com/exploits/4466 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2007-10-08T23:00:00
Updated: 2017-09-28T12:57:01
Reserved: 2007-10-08T00:00:00
Link: CVE-2007-5278
JSON object: View
NVD Information
Status : Modified
Published: 2007-10-08T23:17:00.000
Modified: 2017-09-29T01:29:33.033
Link: CVE-2007-5278
JSON object: View
Redhat Information
No data.
CWE