Vulnerability Description
The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain Black WebGUI before 7.3.14 does not properly use data structures containing privilege information, which allows remote authenticated users to obtain sensitive information or possibly have other unspecified impact.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Plain Black | Webgui | <= 7.3.14 |
References
- http://osvdb.org/36566
- http://secunia.com/advisories/25355
- http://www.plainblack.com/bugs/tracker/dataform-security-bugExploit
- http://www.vupen.com/english/advisories/2007/1840
- http://osvdb.org/36566
- http://secunia.com/advisories/25355
- http://www.plainblack.com/bugs/tracker/dataform-security-bugExploit
- http://www.vupen.com/english/advisories/2007/1840
FAQ
What is CVE-2007-2746?
CVE-2007-2746 is a vulnerability with a CVSS score of 3.5 (LOW). The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain Black WebGUI before 7.3.14 does not properly use data structures containing privilege information, which allows remote authentica...
How severe is CVE-2007-2746?
CVE-2007-2746 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2746?
Check the references section above for vendor advisories and patch information. Affected products include: Plain Black Webgui.