VYPR
Unrated severityNVD Advisory· Published Oct 8, 2007· Updated Jun 16, 2026

CVE-2007-5278

CVE-2007-5278

Description

Zomplog 3.8.1 and earlier stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to download files that were uploaded by users, as demonstrated by obtaining a directory listing via a direct request to /upload and then retrieving individual files. NOTE: in a non-default configuration, the directory listing is denied, but filenames may be predicable.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Zomplog/Zomplog2 versions
    cpe:2.3:a:zomplog:zomplog:3.8.1:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:zomplog:zomplog:3.8.1:*:*:*:*:*:*:*
    • (no CPE)range: <=3.8.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.