CVE-2007-3494

by Fred · 29/06/2007

Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to (1) read the entire database by accessing the database backup plugin via a devtools/templates/newdump_backend.html argument in the template parameter to interna/plugin.php, (2) create plugins, (3) remove plugins, (4) enable debug mode, and have other unspecified impact.

Date published : 2007-06-29

http://www.securityfocus.com/bid/24634

http://www.securityfocus.com/archive/1/472213/100/0/threaded

CVE-2007-3494

Related

Recent Posts

Categories

Latest CWE

CVE-2007-3494

Share this:

Related

Recent Posts

Categories

Tags

Latest CWE