CVE-2007-5278
Last modified
CVE-2007-5278 is a vulnerability of currently unknown severity. Zomplog 3.8.1 and earlier stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to download files that were uploaded by users, as demonstrated by obtaining a directory listing via a direct request to /upload and then retrieving individual files. NOTE: in a non-default configuration, the directory listing is denied, but filenames may be predicable.. EPSS estimates a 2.02% chance of exploitation in the next 30 days.
Description
Zomplog 3.8.1 and earlier stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to download files that were uploaded by users, as demonstrated by obtaining a directory listing via a direct request to /upload and then retrieving individual files. NOTE: in a non-default configuration, the directory listing is denied, but filenames may be predicable.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Zomplog | Zomplog | 3.8.1 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2007-5278?
How severe is CVE-2007-5278?
How do I fix CVE-2007-5278?
Are you affected by CVE-2007-5278?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST