Vulnerability Description
include/auth/auth.php in Simple Invoices before 2007 03 05 does not use the login system to protect print preview pages for invoices, which might allow attackers to obtain sensitive information.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Simple Invoices | Simple Invoices | 2006-12-11 |
References
- http://code.google.com/p/simpleinvoices/issues/detail?id=35
- http://forum.tufat.com/showthread.php?p=116753#post116753
- http://osvdb.org/33860
- http://secunia.com/advisories/24402Vendor Advisory
- http://www.securityfocus.com/bid/22818PatchVendor Advisory
- https://sourceforge.net/project/shownotes.php?group_id=164303&release_id=491300
- http://code.google.com/p/simpleinvoices/issues/detail?id=35
- http://forum.tufat.com/showthread.php?p=116753#post116753
- http://osvdb.org/33860
- http://secunia.com/advisories/24402Vendor Advisory
- http://www.securityfocus.com/bid/22818PatchVendor Advisory
- https://sourceforge.net/project/shownotes.php?group_id=164303&release_id=491300
FAQ
What is CVE-2007-1341?
CVE-2007-1341 is a vulnerability with a CVSS score of 5.0 (MEDIUM). include/auth/auth.php in Simple Invoices before 2007 03 05 does not use the login system to protect print preview pages for invoices, which might allow attackers to obtain sensitive information.
How severe is CVE-2007-1341?
CVE-2007-1341 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1341?
Check the references section above for vendor advisories and patch information. Affected products include: Simple Invoices Simple Invoices.