CVE-2007-5278

Name of the Vulnerable Software and Affected Versions: Zomplog versions 3.8.1 and earlier

Description: The issue allows remote attackers to download files uploaded by users due to insufficient access control. This can be achieved by obtaining a directory listing via a direct request to "/upload" and then retrieving individual files. In non-default configurations where directory listings are denied, filenames may still be predictable.

Recommendations: For Zomplog versions 3.8.1 and earlier, consider restricting access to the "/upload" directory to prevent remote attackers from obtaining directory listings and retrieving individual files. As a temporary workaround, restrict access to the upload feature until a fix is available.