Back to search
CVE-2007-5129
Published: Sep 27, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
SimpGB 1.46.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain sensitive configuration information via a direct request for admin/cfginfo.php; and (2) download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://forum.boesch-it.de/viewtopic.php?t=2790
x_refsource_CONFIRM
40612
vdb-entry
x_refsource_OSVDB
simpgb-htaccess-information-disclosure(36777)
vdb-entry
x_refsource_XF
26974
third-party-advisory
x_refsource_SECUNIA
40613
vdb-entry
x_refsource_OSVDB
simpgb-cfginfo-information-disclosure(36776)
vdb-entry
x_refsource_XF
http://www.netvigilance.com/advisory0066
x_refsource_MISC
http://www.netvigilance.com/advisory0065
x_refsource_MISC
20070925 SimpGB version 1.46.02 File Content Disclosure Vulnerability
mailing-list
x_refsource_BUGTRAQ
20070925 SimpGB version 1.46.02 Information Disclosure Vulnerability
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now