Vulnerability Details CVE-2007-1341
include/auth/auth.php in Simple Invoices before 2007 03 05 does not use the login system to protect print preview pages for invoices, which might allow attackers to obtain sensitive information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.8%
CVSS Severity
CVSS v2 Score 5.0
References
- http://code.google.com/p/simpleinvoices/issues/detail?id=35
- http://forum.tufat.com/showthread.php?p=116753#post116753
- http://osvdb.org/33860
- http://secunia.com/advisories/24402
- http://www.securityfocus.com/bid/22818
- https://sourceforge.net/project/shownotes.php?group_id=164303&release_id=491300
- http://code.google.com/p/simpleinvoices/issues/detail?id=35
- http://forum.tufat.com/showthread.php?p=116753#post116753
- http://osvdb.org/33860
- http://secunia.com/advisories/24402
- http://www.securityfocus.com/bid/22818
- https://sourceforge.net/project/shownotes.php?group_id=164303&release_id=491300
Products affected by CVE-2007-1341
-
cpe:2.3:a:simple_invoices:simple_invoices:2006-12-11
-
cpe:2.3:a:simple_invoices:simple_invoices:2007-01-25
-
cpe:2.3:a:simple_invoices:simple_invoices:2007-02-02