CVE-2007-5816

Name of the Vulnerable Software and Affected Versions CONTENTCustomizer versions 3.1mp and earlier

Description The issue allows remote attackers to obtain sensitive author credentials. This is achieved by making a request with an editauthor action to the dialog.php endpoint, then reading the value of the newlocalpassword password input field in the HTML source of the resulting page.

Recommendations For CONTENTCustomizer versions 3.1mp and earlier, consider restricting access to the dialog.php endpoint until a fix is available. As a temporary workaround, avoid using the editauthor action in the request to minimize the risk of exploitation.