Vulnerability Description
Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain encoded passwords via a direct request for pwd.txt.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Scriptsez | Smart Php Subscriber | All versions |
References
- http://osvdb.org/32946
- http://secunia.com/advisories/23886Vendor Advisory
- http://securityreason.com/securityalert/2183
- http://www.securityfocus.com/archive/1/457852/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31701
- http://osvdb.org/32946
- http://secunia.com/advisories/23886Vendor Advisory
- http://securityreason.com/securityalert/2183
- http://www.securityfocus.com/archive/1/457852/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31701
FAQ
What is CVE-2007-0518?
CVE-2007-0518 is a vulnerability with a CVSS score of 7.5 (HIGH). Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain encoded passwords via a direct ...
How severe is CVE-2007-0518?
CVE-2007-0518 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0518?
Check the references section above for vendor advisories and patch information. Affected products include: Scriptsez Smart Php Subscriber.