Vulnerability Description
Quicksilver Forums before 1.4.1 allows remote attackers to obtain sensitive information by causing unspecified connection errors, which reveals the database password in the resulting error message.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Quicksilver Forums | Quicksilver Forums | <= 1.4.0 |
Related Weaknesses (CWE)
References
- http://forums.quicksilverforums.com/index.php?a=topic&t=1332Patch
- http://secunia.com/advisories/26998Vendor Advisory
- http://www.securityfocus.com/bid/25887
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36891
- http://forums.quicksilverforums.com/index.php?a=topic&t=1332Patch
- http://secunia.com/advisories/26998Vendor Advisory
- http://www.securityfocus.com/bid/25887
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36891
FAQ
What is CVE-2007-5172?
CVE-2007-5172 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Quicksilver Forums before 1.4.1 allows remote attackers to obtain sensitive information by causing unspecified connection errors, which reveals the database password in the resulting error message.
How severe is CVE-2007-5172?
CVE-2007-5172 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5172?
Check the references section above for vendor advisories and patch information. Affected products include: Quicksilver Forums Quicksilver Forums.