CVE-2007-3529 - videos.php in PHPDirector 0.21 and earlier allows remote attackers to obtain sensitive information v

CVE-2007-3529

Summary

videos.php in PHPDirector 0.21 and earlier allows remote attackers to obtain sensitive information via an empty value of the id[] parameter, which reveals the path in an error message.

References

http://osvdb.org/39717
http://www.exploit-db.com/exploits/4139
http://www.securityfocus.com/archive/1/472661/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/35221

Vulnerable Configurations

cpe:2.3:a:phpdirector:phpdirector:*:*:*:*:*:*:*:*
cpe:2.3:a:phpdirector:phpdirector:*:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 15-10-2018 - 21:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:N/A:N

refmap via4

bugtraq	20070702 PHPDirector <= 0.21 (SQL injection/Upload SHELL) Remote Vulnerabilities
exploit-db	4139
osvdb	39717
xf	phpdirector-videos-information-disclosure(35221)

Last major update

15-10-2018 - 21:29

Published

03-07-2007 - 18:30

Last modified

15-10-2018 - 21:29