CVE-2007-5278

Zomplog 3.8.1 and earlier stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to download files that were uploaded by users, as demonstrated by obtaining a directory listing via a direct request to /upload and then retrieving individual files. NOTE: in a non-default configuration, the directory listing is denied, but filenames may be predicable.
Configurations

Configuration 1

cpe:2.3:a:zomplog:zomplog:3.8.1:*:*:*:*:*:*:*

Information

Published : 2007-10-08 11:17

Updated : 2017-09-29 01:29


NVD link : CVE-2007-5278

Mitre link : CVE-2007-5278

Products Affected
No products.
CWE