CVE-2007-5278

Zomplog - Access Control

Title source: rule

Description

Zomplog 3.8.1 and earlier stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to download files that were uploaded by users, as demonstrated by obtaining a directory listing via a direct request to /upload and then retrieving individual files. NOTE: in a non-default configuration, the directory listing is denied, but filenames may be predicable.

Exploits (1)

exploitdb WORKING POC VERIFIED
by InATeam · phpwebappsphp
https://www.exploit-db.com/exploits/4466

References (2)

Scores

EPSS 0.0449
EPSS Percentile 89.2%

Details

CWE
CWE-264
Status published
Products (1)
zomplog/zomplog 3.8.1
Published Oct 08, 2007
Tracked Since Feb 18, 2026