CVE-2008-3451

Published: Aug 4, 2008Modified: Apr 23, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with advisor privileges to obtain the real e-mail addresses of other users by editing the user's profile.

Affected (2)

Products: Phpwebgallery: Phpwebgallery

Phpwebgallery

1 product

Phpwebgallery

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Phpwebgallery Phpwebgallery	Version 1.7.0
Phpwebgallery Phpwebgallery	Version 1.7.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (12)

http://bugs.phpwebgallery.net/view.php?id=769

Source: cve@mitre.org

http://forum.phpwebgallery.net/viewtopic.php?id=13545

Source: cve@mitre.org

http://secunia.com/advisories/31232

Source: cve@mitre.org

Vendor Advisory

http://www.openwall.com/lists/oss-security/2008/08/01/3

Source: cve@mitre.org

http://www.securityfocus.com/bid/30431

Source: cve@mitre.org

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/44101

Source: cve@mitre.org

http://bugs.phpwebgallery.net/view.php?id=769