CVE-2007-5278 Information

Description

Zomplog 3.8.1 and earlier stores potentially sensitive information under the web root with insufficient access control which allows remote attackers to download files that were uploaded by users as demonstrated by obtaining a directory listing via a direct request to /upload and then retrieving individual files. NOTE: in a non-default configuration the directory listing is denied but filenames may be predicable.

Reference

http://www.securityfocus.com/bid/25861 https://www.exploit-db.com/exploits/4466