PT-2007-7434 · Openbiblio · Openbiblio
Juan Galiana
·
Publicado
2007-12-31
·
Atualizado
2018-10-15
·
CVE-2007-6607
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OpenBiblio versions 0.5.2-pre4 and earlier
Description
The issue allows remote attackers to obtain sensitive information via direct requests for specific files, including
shared/footer.php, circ/mbr fields.php, and admin/custom marc form fields.php. These requests can reveal the path in various error messages.Recommendations
For OpenBiblio versions 0.5.2-pre4 and earlier, consider restricting access to the sensitive files
shared/footer.php, circ/mbr fields.php, and admin/custom marc form fields.php to minimize the risk of exploitation.Exploit
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Openbiblio