CVE-2007-5431

Published Oct 12, 2007

Last updated 6 years ago

Overview

Description: include/imageupload.js in the MyFTPUploader module in Stride 1.0 contains sensitive information including FTP login credentials, which might allow remote attackers to gain unauthorized access to the FTP server being used by the module by viewing the source code.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.8
Impact score: 6.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:javaatwork:myftpuploader_module:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E571DABF-D38D-4DF2-8C0A-E9AFADC70AFB"
          },
          {
            "criteria": "cpe:2.3:a:scottmanktelow:stride:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B48EF2ED-045D-4BB9-B31D-C57C50CB9277"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References