CVE-2007-4780

Published: Sep 10, 2007Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories.

Affected (3)

Products: Joomla: Joomla

Joomla

1 product

Joomla

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Joomla Joomla	Version 1.5.0_beta2
Joomla Joomla	Version 1.5.0_beta
Joomla Joomla	Version 1.5.0_rc1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (12)

http://osvdb.org/45875

Source: cve@mitre.org

http://securityreason.com/securityalert/3108

Source: cve@mitre.org

http://www.joomla.org/content/view/3831/1/

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/478451/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/25508

Source: cve@mitre.org

ExploitPatch

https://exchange.xforce.ibmcloud.com/vulnerabilities/36426

Source: cve@mitre.org

http://osvdb.org/45875