CVE-2007-2800 - Vulnerability Details - OpenCVE

index.php in eTicket 1.5.5.1 and earlier allows remote attackers to obtain sensitive information via the (1) name[], (2) email[], (3) phone[], or (4) subject[] parameters, which reveals the installation path in the resulting error messages.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Eticket	Eticket

Configuration 1 [-]

cpe:2.3:a:eticket:eticket:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://marc.info/?l=full-disclosure&m=118297850220633&w=2
http://www.netvigilance.com/advisory0030
http://www.osvdb.org/34785
http://www.securityfocus.com/archive/1/472431/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/35122

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-06-28T18:00:00

Updated: 2024-08-07T13:49:57.303Z

Reserved: 2007-05-22T00:00:00

Link: CVE-2007-2800

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-06-28T18:30:00.000

Modified: 2024-11-21T00:31:41.560

Link: CVE-2007-2800

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-06-27T00:00:00", "descriptions": [{"lang": "en", "value": "index.php in eTicket 1.5.5.1 and earlier allows remote attackers to obtain sensitive information via the (1) name[], (2) email[], (3) phone[], or (4) subject[] parameters, which reveals the installation path in the resulting error messages."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.netvigilance.com/advisory0030"}, {"name": "20070627 eTicket version 1.5.5 Path Disclosure", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://marc.info/?l=full-disclosure&m=118297850220633&w=2"}, {"name": "eticket-index-path-disclosure(35122)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35122"}, {"name": "20070627 eTicket version 1.5.5 Path Disclosure Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/472431/100/0/threaded"}, {"name": "34785", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/34785"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2800", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "index.php in eTicket 1.5.5.1 and earlier allows remote attackers to obtain sensitive information via the (1) name[], (2) email[], (3) phone[], or (4) subject[] parameters, which reveals the installation path in the resulting error messages."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.netvigilance.com/advisory0030", "refsource": "MISC", "url": "http://www.netvigilance.com/advisory0030"}, {"name": "20070627 eTicket version 1.5.5 Path Disclosure", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure&m=118297850220633&w=2"}, {"name": "eticket-index-path-disclosure(35122)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35122"}, {"name": "20070627 eTicket version 1.5.5 Path Disclosure Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/472431/100/0/threaded"}, {"name": "34785", "refsource": "OSVDB", "url": "http://www.osvdb.org/34785"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:49:57.303Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.netvigilance.com/advisory0030"}, {"name": "20070627 eTicket version 1.5.5 Path Disclosure", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://marc.info/?l=full-disclosure&m=118297850220633&w=2"}, {"name": "eticket-index-path-disclosure(35122)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35122"}, {"name": "20070627 eTicket version 1.5.5 Path Disclosure Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/472431/100/0/threaded"}, {"name": "34785", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/34785"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2800", "datePublished": "2007-06-28T18:00:00", "dateReserved": "2007-05-22T00:00:00", "dateUpdated": "2024-08-07T13:49:57.303Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eticket:eticket:*:*:*:*:*:*:*:*", "matchCriteriaId": "39D0574F-5574-4AB6-BF0B-784C0FDC16A9", "versionEndIncluding": "1.5.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "index.php in eTicket 1.5.5.1 and earlier allows remote attackers to obtain sensitive information via the (1) name[], (2) email[], (3) phone[], or (4) subject[] parameters, which reveals the installation path in the resulting error messages."}, {"lang": "es", "value": "index.php de eTicket 1.5.5.1 y anteriores permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de los par\u00e1metros (1) name[], (2) email[], (3) phone[], o (4) subject[], los cuales revelan la ruta de instalaci\u00f3n en el mensaje de error resultante."}], "id": "CVE-2007-2800", "lastModified": "2024-11-21T00:31:41.560", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-06-28T18:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=full-disclosure&m=118297850220633&w=2"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.netvigilance.com/advisory0030"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/34785"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/472431/100/0/threaded"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35122"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure&m=118297850220633&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.netvigilance.com/advisory0030"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/34785"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/472431/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35122"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}