CVE-2007-3365

HIGH

MyServer <0.8.9 - Info Disclosure

Title source: llm

Description

MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions, which allows remote attackers to obtain sensitive information (script source code) via a modified extension, as demonstrated by post.mscgI.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Shay Priel · textremotemultiple

https://www.exploit-db.com/exploits/30219

View Code ZIP pw:eip

References (6)

[Broken Link] http://osvdb.org/37505

[Broken Link, Vendor Advisory] http://secunia.com/advisories/25754

[Third Party Advisory] http://securityreason.com/securityalert/2827

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/471914/100/0/threaded

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/34977

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/24571

Scores

CVSS v3 7.5

EPSS 0.1417

EPSS Percentile 94.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-178

Status published

Products (1)

myserverproject/myserver < 0.8.9

Published Jun 22, 2007

Tracked Since Feb 18, 2026