Lucene search

[email protected]CVE-2007-5172

HistoryOct 01, 2007 - 8:17 p.m.

CVE-2007-5172

2007-10-0120:17:00

CWE-200

[email protected]

web.nvd.nist.gov

quicksilver forums

cve-2007-5172

information disclosure

database security

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.4%

JSON

Quicksilver Forums before 1.4.1 allows remote attackers to obtain sensitive information by causing unspecified connection errors, which reveals the database password in the resulting error message.

Affected configurations

NVD

Node

quicksilver_forumsquicksilver_forumsRange≤1.4.0

CPENameOperatorVersion
quicksilver_forums:quicksilver_forumsquicksilver forumsle1.4.0

CPE	Name	Operator	Version
quicksilver_forums:quicksilver_forums	quicksilver forums	le	1.4.0

References

forums.quicksilverforums.com/index.php?a=topic&t=1332

secunia.com/advisories/26998

www.securityfocus.com/bid/25887

exchange.xforce.ibmcloud.com/vulnerabilities/36891

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.4%

JSON

Related for CVE-2007-5172

cvelist1 prion1 nvd1