Vulnerability Description
SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via an certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Boesch-It | Simpnews | 2.41.03 |
| Php | Php | <= 5.0.0 |
Related Weaknesses (CWE)
References
- http://forum.boesch-it.de/viewtopic.php?t=2791Patch
- http://securityreason.com/securityalert/3174
- http://www.netvigilance.com/advisory0068
- http://www.securityfocus.com/archive/1/480588/100/0/threaded
- http://forum.boesch-it.de/viewtopic.php?t=2791Patch
- http://securityreason.com/securityalert/3174
- http://www.netvigilance.com/advisory0068
- http://www.securityfocus.com/archive/1/480588/100/0/threaded
FAQ
What is CVE-2007-5128?
CVE-2007-5128 is a vulnerability with a CVSS score of 5.0 (MEDIUM). SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via an certain link_date parameter to events.php, which reveals the path in an error...
How severe is CVE-2007-5128?
CVE-2007-5128 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5128?
Check the references section above for vendor advisories and patch information. Affected products include: Boesch-It Simpnews, Php Php.