CVE-2007-4861
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
SAXON 5.4, with display_errors enabled, allows remote attackers to obtain sensitive information via (1) a direct request for news.php, (2) an invalid use of a newsid array parameter to admin/edit-item.php, and possibly unspecified vectors related to additional scripts in (3) admin/, (4) rss/, and (5) the root directory of the installation, which reveal the path in various error messages.
SAXON 5.4, con display_errors habilitado, permite a atacantes remotos obtener información sensible a través de (1) una respuesta directa para news.php, (2) una utilización inválida de un parámetro array newsid en admin/edit-item.php, y posiblemente vectores no especificados relacionado con secuencias de comandos adicionales en (3) admin/, (4) rss/, y (5) el directorio raiz de instalación, lo cual revela la ruta en varios mensajes de error.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-09-13 CVE Reserved
- 2007-10-30 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/45330 | Vdb Entry | |
| http://osvdb.org/45331 | Vdb Entry | |
| http://osvdb.org/45332 | Vdb Entry | |
| http://osvdb.org/45333 | Vdb Entry | |
| http://osvdb.org/45334 | Vdb Entry | |
| http://securityreason.com/securityalert/3311 | Third Party Advisory | |
| http://www.netvigilance.com/advisory0053 | X_refsource_misc | |
| http://www.quirm.net/punbb/viewtopic.php?id=129 | X_refsource_confirm | |
| http://www.securityfocus.com/archive/1/482930/100/0/threaded | Mailing List | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/38138 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|