CVE-2007-3650 : myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to ca

myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in various error messages.

Published 2008-07-09 00:41:00

Updated 2008-09-05 04:00:00

Source MITRE

View at NVD, CVE.org

Vulnerability category: Information leak

Exploit prediction scoring system (EPSS) score for CVE-2007-3650

Probability of exploitation activity in the next 30 days: 0.25%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 64 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2007-3650

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2007-3650

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2007-3650

http://www.netvigilance.com/advisory0039

Exploit

Products affected by CVE-2007-3650

Mywebland » Mybloggie » Version: 2.1.6
cpe:2.3:a:mywebland:mybloggie:2.1.6:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2007-3650

Exploit prediction scoring system (EPSS) score for CVE-2007-3650

CVSS scores for CVE-2007-3650

CWE ids for CVE-2007-3650

References for CVE-2007-3650

Products affected by CVE-2007-3650