CVE-2007-3650

Published: Jul 9, 2008Modified: Apr 23, 2026

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in various error messages.

Affected (1)

Products: Mywebland: Mybloggie

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mywebland Mybloggie	Version 2.1.6

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://descriptions.securescout.com/tc/17970

Source: cve@mitre.org

http://www.netvigilance.com/advisory0039

Source: cve@mitre.org

Exploit

http://descriptions.securescout.com/tc/17970

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.netvigilance.com/advisory0039

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.