CVE-2007-1341

include/auth/auth.php in Simple Invoices before 2007 03 05 does not use the login system to protect print preview pages for invoices, which might allow attackers to obtain sensitive information.

Published: Mar 8, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-1341
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
simple_invoices / simple_invoices	2006-12-11	2006-12-11.x
simple_invoices / simple_invoices	2007-02-02	2007-02-02.x
simple_invoices / simple_invoices	2007-01-25	2007-01-25.x

http://code.google.com/p/simpleinvoices/issues/detail?id=35
http://forum.tufat.com/showthread.php?p=116753#post116753
http://osvdb.org/33860
http://secunia.com/advisories/24402
http://www.securityfocus.com/bid/22818
https://sourceforge.net/project/shownotes.php?group_id=164303&release_id=491300

Vulnerability Database

290,020

CVE-2007-1341