CVE-2007-1341 | Vulnerability Database | Aqua Security

include/auth/auth.php in Simple Invoices before 2007 03 05 does not use the login system to protect print preview pages for invoices, which might allow attackers to obtain sensitive information.

Affected Software

Name	Vendor	Start Version	End Version
Simple_invoices	Simple_invoices	2006-12-11 (including)	2006-12-11 (including)
Simple_invoices	Simple_invoices	2007-01-25 (including)	2007-01-25 (including)
Simple_invoices	Simple_invoices	2007-02-02 (including)	2007-02-02 (including)

References

http://code.google.com/p/simpleinvoices/issues/detail?id=35
http://forum.tufat.com/showthread.php?p=116753#post116753
http://osvdb.org/33860
http://secunia.com/advisories/24402
http://www.securityfocus.com/bid/22818
https://sourceforge.net/project/shownotes.php?group_id=164303\u0026release_id=491300
http://code.google.com/p/simpleinvoices/issues/detail?id=35
http://forum.tufat.com/showthread.php?p=116753#post116753
http://osvdb.org/33860
http://secunia.com/advisories/24402
http://www.securityfocus.com/bid/22818
https://sourceforge.net/project/shownotes.php?group_id=164303\u0026release_id=491300

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-1341
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html