CVE-2007-5735

Name of the Vulnerable Software and Affected Versions eFileMan versions 7.1.0.87 through 7.1.0.88

Description The issue allows remote attackers to obtain unspecified user information due to insufficient access control of sensitive information stored under the web root. This can be achieved via a direct request for the "cgi-bin/efileman/efileman config.pm" endpoint.

Recommendations For versions 7.1.0.87 through 7.1.0.88, consider restricting access to the efileman config.pm file to minimize the risk of exploitation. As a temporary workaround, limit direct requests to the "cgi-bin/efileman/efileman config.pm" endpoint until a more permanent solution is available.