Vulnerabilities > CVE-2007-0607 - Remote Security vulnerability in W-Agora 4.2.1

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
w-agora

Summary

W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores globals.inc under the web document root with insufficient access control, which allows remote attackers to obtain application path information via a direct request.

Vulnerable Configurations

Part Description Count
Application
W-Agora
1

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/55253/wagora-disclose.txt
idPACKETSTORM:55253
last seen2016-12-05
published2007-03-20
reporterJesper Jurcenoks
sourcehttps://packetstormsecurity.com/files/55253/wagora-disclose.txt.html
titlewagora-disclose.txt