CVE-2007-3650

Severity CVSS v4.0:
Pending analysis
Type:
CWE-200 Information Leak / Disclosure
Publication date:
09/07/2008
Last modified:
09/04/2025

Description

myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in various error messages.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:mywebland:mybloggie:2.1.6:*:*:*:*:*:*:*