CVE-2007-2780

PsychoStats <3.0.6b - Info Disclosure

Title source: llm

Description

PsychoStats 3.0.6b and earlier allows remote attackers to obtain sensitive information via a request for server.php with a missing or invalid newtheme parameter, which reveals a path in an error message.

Exploits (1)

exploitdb WRITEUP VERIFIED
by kefka · text · webapps · php
https://www.exploit-db.com/exploits/30051

References (6)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24039
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/39738
Mailing List mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=117947165628273&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/36582
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34366
Mailing List mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=117948032428148&w=2

Scores

EPSS 0.1059
EPSS Percentile 93.3%

Details

CWE CWE-200
Status published
Products (9)
psychostats/psychostats 2.0 beta
psychostats/psychostats 2.0.1 beta
psychostats/psychostats 2.1 beta
psychostats/psychostats 2.2 beta
psychostats/psychostats 2.2.1 beta
psychostats/psychostats 2.2.2 beta
psychostats/psychostats 2.2.4 beta
psychostats/psychostats 2.3 beta
psychostats/psychostats < 3.0.6b
Published May 21, 2007
Tracked Since Feb 18, 2026