Unrated severityNVD Advisory· Published Jun 29, 2007· Updated Jun 16, 2026
CVE-2007-3494
CVE-2007-3494
Description
Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to (1) read the entire database by accessing the database backup plugin via a devtools/templates/newdump_backend.html argument in the template parameter to interna/plugin.php, (2) create plugins, (3) remove plugins, (4) enable debug mode, and have other unspecified impact.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=3.6
Patches
Vulnerability mechanics
References
7- www.papoo.de/index/menuid/204/reporeid/215nvdPatch
- lists.grok.org.uk/pipermail/full-disclosure/2007-June/064171.htmlnvd
- osvdb.org/37542nvd
- securityreason.com/securityalert/2853nvd
- www.securityfocus.com/archive/1/472213/100/0/threadednvd
- www.securityfocus.com/bid/24634nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/35032nvd
News mentions
0No linked articles in our index yet.