Vulnerability Description
Unclassified NewsBoard 1.6.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain (1) the board log via a direct request for logs/board-YYYY-MM-DD.log, (2) the mail and private message (PM) log via a direct request for logs/email-YY-MM-DD-HH-MM-SS.log, (3) the SQL error message log via a direct request for logs/error-YY-MM.log, and (4) the IP log via a direct request for logs/ip.log.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Unclassified Newsboard | Unclassified Newsboard | 1.6.3 |
References
- http://osvdb.org/35201
- http://www.securityfocus.com/archive/1/463186/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33150
- http://osvdb.org/35201
- http://www.securityfocus.com/archive/1/463186/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33150
FAQ
What is CVE-2007-1597?
CVE-2007-1597 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Unclassified NewsBoard 1.6.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain (1) the board log via a direct request for logs/b...
How severe is CVE-2007-1597?
CVE-2007-1597 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1597?
Check the references section above for vendor advisories and patch information. Affected products include: Unclassified Newsboard Unclassified Newsboard.