Unrated severityNVD Advisory· Published Oct 8, 2007· Updated Apr 23, 2026

CVE-2007-5278

Description

Zomplog 3.8.1 and earlier stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to download files that were uploaded by users, as demonstrated by obtaining a directory listing via a direct request to /upload and then retrieving individual files. NOTE: in a non-default configuration, the directory listing is denied, but filenames may be predicable.

Affected products

Zomplog/Zomplog
cpe:2.3:a:zomplog:zomplog:3.8.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/25861nvdExploitPatch
www.exploit-db.com/exploits/4466nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000