CVE-2007-3494
First published: Fri Jun 29 2007(Updated: )
Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to (1) read the entire database by accessing the database backup plugin via a devtools/templates/newdump_backend.html argument in the template parameter to interna/plugin.php, (2) create plugins, (3) remove plugins, (4) enable debug mode, and have other unspecified impact.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Papoo Papoo | <=3.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.papoo.de/index/menuid/204/reporeid/215
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/064171.html
- http://www.securityfocus.com/bid/24634
- http://securityreason.com/securityalert/2853
- http://osvdb.org/37542
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35032
- http://www.securityfocus.com/archive/1/472213/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/papoo
- canonical/papoo papoo
- version/papoo papoo/3.6