CVE-2007-1341

include/auth/auth.php in Simple Invoices before 2007 03 05 does not use the login system to protect print preview pages for invoices, which might allow attackers to obtain sensitive information.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://code.google.com/p/simpleinvoices/issues/detail?id=35
http://forum.tufat.com/showthread.php?p=116753#post116753
http://osvdb.org/33860
http://secunia.com/advisories/24402	Vendor Advisory
http://www.securityfocus.com/bid/22818	Patch Vendor Advisory
https://sourceforge.net/project/shownotes.php?group_id=164303&release_id=491300

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:simple_invoices:simple_invoices:2006-12-11:::::::*
	cpe:2.3:a:simple_invoices:simple_invoices:2007-01-25:::::::*
	cpe:2.3:a:simple_invoices:simple_invoices:2007-02-02:::::::*

History

No history.

Information

Published : 2007-03-08 22:19

Updated : 2024-02-04 17:13

NVD link : CVE-2007-1341

Mitre link : CVE-2007-1341

CVE.ORG link : CVE-2007-1341

JSON object : View

Products Affected

simple_invoices

simple_invoices

CWE

NVD-CWE-Other

{"id": "CVE-2007-1341", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-03-08T22:19:00.000", "references": [{"url": "http://code.google.com/p/simpleinvoices/issues/detail?id=35", "source": "cve@mitre.org"}, {"url": "http://forum.tufat.com/showthread.php?p=116753#post116753", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/33860", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24402", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22818", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://sourceforge.net/project/shownotes.php?group_id=164303&release_id=491300", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "include/auth/auth.php in Simple Invoices before 2007 03 05 does not use the login system to protect print preview pages for invoices, which might allow attackers to obtain sensitive information."}, {"lang": "es", "value": "include/auth/auth.php en el Simple Invoices en versiones anteriores a la 2007 03 05 no utiliza el sistema de autenticaci\u00f3n para proteger las previsualizaciones de las p\u00e1ginas a imprimir para las facturas, lo que permite a atacantes obtener informaci\u00f3n sensible."}], "lastModified": "2008-11-13T06:34:40.083", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:simple_invoices:simple_invoices:2006-12-11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D77E73A-41DA-4806-9BA8-6B348EC68E4E"}, {"criteria": "cpe:2.3:a:simple_invoices:simple_invoices:2007-01-25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16F9CCDF-6100-45A5-94F9-ED30EB68B63C"}, {"criteria": "cpe:2.3:a:simple_invoices:simple_invoices:2007-02-02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07A4935F-05F9-4C93-8ED4-40811C9DF55D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}