Zomplog: >> Zomplog >> 3.8 Security Vulnerabilities
admin/upload_files.php in Zomplog 3.8.1 and earlier does not check for administrative credentials, which allows remote attackers to perform administrative actions via a direct request. NOTE: this can be leveraged for code execution by exploiting CVE-2007-5231.
CVSS Score
7.5
EPSS Score
0.052
Published
2007-10-05
Unrestricted file upload vulnerability in admin/upload_files.php in Zomplog 3.8.1 and earlier allows remote authenticated administrators to upload and execute arbitrary .php files by sending a modified MIME type. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2007-5230.
CVSS Score
4.6
EPSS Score
0.025
Published
2007-10-05
Directory traversal vulnerability in upload/force_download.php in Zomplog 3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVSS Score
7.8
EPSS Score
0.07
Published
2007-04-19