Vulnerabilities > CVE-2007-0518 - Information Disclosure vulnerability in Smart PHP Subscriber

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
scriptsez
exploit available
NVD
Published: 2007-01-26
Updated: 2018-10-16

Summary

Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain encoded passwords via a direct request for pwd.txt.

Vulnerable Configurations

Part Description Count
Application
Scriptsez
1

Exploit-Db

descriptionSmart PHP Subscriber Multiple Disclosure Vulnerabilities. CVE-2007-0518. Webapps exploit for php platform
idEDB-ID:10437
last seen2016-02-01
modified2009-12-14
published2009-12-14
reporterMilos Zivanovic
sourcehttps://www.exploit-db.com/download/10437/
titleSmart PHP Subscriber Multiple Disclosure Vulnerabilities

References