PT-2007-6224 · Simpgb · Simpgb

Jesper Jurcenoks

Publicado

2007-09-27

Atualizado

2018-10-15

CVE-2007-5129

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions SimpGB version 1.46.02

Description The issue allows remote attackers to obtain sensitive configuration information and download arbitrary files due to insufficient access control. This can be achieved by making a direct request for specific files, such as admin/cfginfo.php for configuration information, and other .inc files, for example, admin/includes/dbtables.inc.

Recommendations For SimpGB version 1.46.02, consider restricting direct access to sensitive files such as admin/cfginfo.php and .inc files under the admin/includes directory until a proper fix is available. As a temporary workaround, restrict access to the admin directory to minimize the risk of exploitation.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2007-5129

Produtos afetados

Simpgb

PT-2007-6224 · Simpgb · Simpgb

CVE-2007-5129

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11