Insufficient Access Control in Zomplog Allows Remote File Download
CVE-2007-5278

Currently unrated

Key Information:

Vendor: Zomplog
Status: Zomplog
Vendor: CVE Published:; 8 October 2007

What is CVE-2007-5278?

Zomplog versions 3.8.1 and earlier are prone to insufficient access control, leading to potential exposure of sensitive files uploaded by users. Attackers can exploit this vulnerability by accessing the upload directory, which may allow them to download files directly if the directory listing is enabled. While directory listing may be disabled in default configurations, predictable filenames can still pose a risk, giving attackers a pathway to sensitive information.

References

https://www.exploit-db.com/exploits/4466

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/25861

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 8, 2007
Vulnerability Reserved
Oct 8, 2007

JSON