Unrated severityNVD Advisory· Published Oct 8, 2007· Updated Jun 16, 2026
CVE-2007-5278
CVE-2007-5278
Description
Zomplog 3.8.1 and earlier stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to download files that were uploaded by users, as demonstrated by obtaining a directory listing via a direct request to /upload and then retrieving individual files. NOTE: in a non-default configuration, the directory listing is denied, but filenames may be predicable.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- www.securityfocus.com/bid/25861nvdExploitPatch
- www.exploit-db.com/exploits/4466nvd
News mentions
0No linked articles in our index yet.