CVE-2007-0375 - Vulnerability Details - OpenCVE

Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Joomla	Joomla

Configuration 1 [-]

cpe:2.3:a:joomla:joomla:1.5.0_beta:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html
http://osvdb.org/32522
http://osvdb.org/32523
http://osvdb.org/32524
http://osvdb.org/32525
http://osvdb.org/32526
http://www.hackers.ir/advisories/festival.txt
http://www.securityfocus.com/archive/1/459203/100/0/threaded

History

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00028}`	epss `{'score': 0.0003}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-01-19T23:00:00

Updated: 2024-08-07T12:19:28.989Z

Reserved: 2007-01-19T00:00:00

Link: CVE-2007-0375

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-01-19T23:28:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-0375

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-18T00:00:00", "descriptions": [{"lang": "en", "value": "Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "32522", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/32522"}, {"name": "20070118 The vulnerabilities festival !", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html"}, {"name": "32526", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/32526"}, {"name": "32525", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/32525"}, {"name": "20070204 Sql injection bugs in Joomla and Mambo", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/459203/100/0/threaded"}, {"name": "32523", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/32523"}, {"name": "32524", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/32524"}, {"tags": ["x_refsource_MISC"], "url": "http://www.hackers.ir/advisories/festival.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0375", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "32522", "refsource": "OSVDB", "url": "http://osvdb.org/32522"}, {"name": "20070118 The vulnerabilities festival !", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html"}, {"name": "32526", "refsource": "OSVDB", "url": "http://osvdb.org/32526"}, {"name": "32525", "refsource": "OSVDB", "url": "http://osvdb.org/32525"}, {"name": "20070204 Sql injection bugs in Joomla and Mambo", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/459203/100/0/threaded"}, {"name": "32523", "refsource": "OSVDB", "url": "http://osvdb.org/32523"}, {"name": "32524", "refsource": "OSVDB", "url": "http://osvdb.org/32524"}, {"name": "http://www.hackers.ir/advisories/festival.txt", "refsource": "MISC", "url": "http://www.hackers.ir/advisories/festival.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:19:28.989Z"}, "title": "CVE Program Container", "references": [{"name": "32522", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/32522"}, {"name": "20070118 The vulnerabilities festival !", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html"}, {"name": "32526", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/32526"}, {"name": "32525", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/32525"}, {"name": "20070204 Sql injection bugs in Joomla and Mambo", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/459203/100/0/threaded"}, {"name": "32523", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/32523"}, {"name": "32524", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/32524"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.hackers.ir/advisories/festival.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0375", "datePublished": "2007-01-19T23:00:00", "dateReserved": "2007-01-19T00:00:00", "dateUpdated": "2024-08-07T12:19:28.989Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:joomla:joomla:1.5.0_beta:*:*:*:*:*:*:*", "matchCriteriaId": "16F243A8-5513-4BB7-AB55-5A715D5AE546", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script."}, {"lang": "es", "value": "Joomla! 1.5.0 Beta permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de respuesta directa para (1) plugins/user/example.php; (2) gmail.php, (3) example.php, o (4) ldap.php en plugins/authentication/; (5) modules/mod_mainmenu/menu.php; u otros scripts PHP no especificados, lo cual revela la ruta en varios mensajes de error, relacionado con la llamada a la funci\u00f3n jimport al inicio de cada script."}], "id": "CVE-2007-0375", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-01-19T23:28:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/32522"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/32523"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/32524"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/32525"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/32526"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.hackers.ir/advisories/festival.txt"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/459203/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/32522"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/32523"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/32524"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/32525"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/32526"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.hackers.ir/advisories/festival.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/459203/100/0/threaded"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}