CVE-2007-4873

SimpNews 2.41.03 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc.
Configurations

Configuration 1

cpe:2.3:a:simplenews:simplenews:2.41.03:*:*:*:*:*:*:*

Information

Published : 2007-09-27 07:17

Updated : 2018-10-15 09:38


NVD link : CVE-2007-4873

Mitre link : CVE-2007-4873

Products Affected
No products.
CWE