CVE-2007-4780
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories.
Joomla! 1.5 anterior a RC2 (también conocido como Endeleo) permite a atacantes remotos obtener información sensible (la ruta completa) a través de vectores no especificados, probablemente afectando a las respuestas de directorio en ciertas secuencias de comandos PHP en los directorios tmpl/.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-09-10 CVE Reserved
- 2007-09-10 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2024-08-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/45875 | Vdb Entry | |
| http://securityreason.com/securityalert/3108 | Third Party Advisory | |
| http://www.joomla.org/content/view/3831/1 | X_refsource_confirm | |
| http://www.securityfocus.com/archive/1/478451/100/0/threaded | Mailing List | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36426 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/bid/25508 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Joomla Search vendor "Joomla" | Joomla Search vendor "Joomla" for product "Joomla" | 1.5.0_beta Search vendor "Joomla" for product "Joomla" and version "1.5.0_beta" | - |
Affected
| ||||||
| Joomla Search vendor "Joomla" | Joomla Search vendor "Joomla" for product "Joomla" | 1.5.0_beta2 Search vendor "Joomla" for product "Joomla" and version "1.5.0_beta2" | - |
Affected
| ||||||
| Joomla Search vendor "Joomla" | Joomla Search vendor "Joomla" for product "Joomla" | 1.5.0_rc1 Search vendor "Joomla" for product "Joomla" and version "1.5.0_rc1" | - |
Affected
| ||||||