CVE-2007-3556

2007-07-0415:00:00

mitre

www.cve.org

6.4 Medium

AI Score

Confidence

Low

0.034 Low

EPSS

Percentile

91.5%

JSON

Liesbeth base CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an include file containing account credentials via a direct request for config.inc.

References

osvdb.org/45744

securityreason.com/securityalert/2857

securityvulns.ru/Rdocument392.html

www.securityfocus.com/archive/1/472727/100/0/threaded

www.securityfocus.com/bid/24749

exchange.xforce.ibmcloud.com/vulnerabilities/35243