RSS   Podatności dla 'Simpgb'   RSS

2007-09-27
 
CVE-2007-5130

CWE-20
 
 
SimpGB 1.46.02 allows remote attackers to obtain sensitive information via (1) an invalid lang parameter to admin/index.php or (2) a direct request to admin/trailer.php, which reveals the path in various error messages.

 
 
CVE-2007-5129

CWE-200
 
 
SimpGB 1.46.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain sensitive configuration information via a direct request for admin/cfginfo.php; and (2) download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc.

 

 >>> Vendor: Boesch-it 3 Produkty
Simpgb
Simpnews
Faqengine

Copyright 2024, cxsecurity.com

 

Back to Top