CVE-2007-0690

Published: May 30, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

myEvent 1.6 allows remote attackers to obtain sensitive information via (1) a Log In action without a password to login.php, or an invalid (2) view[] or (3) monthno[] parameter to myevent.php, which reveals the path in various error messages.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

myevent-myevent-login-path-disclosure(34542)

vdb-entry

x_refsource_XF

20070528 myEvent version 1.6 Multiple Path Disclosure Vulnerabilities

mailing-list

x_refsource_BUGTRAQ

38336

vdb-entry

x_refsource_OSVDB

34272

vdb-entry

x_refsource_OSVDB

http://www.netvigilance.com/advisory0024

x_refsource_MISC

2744

third-party-advisory

x_refsource_SREASON

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2007-0690

Description

Affected Products

References