PT-2002-2608 · Tightauction · Tightauction

Published: 2002-12-31 · Updated: 2008-09-05 · CVE-2002-1886

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

TightAuction version 3.0

Description

The issue allows remote attackers to obtain the database username and password due to insufficient access control of the config.inc file, which is stored under the web document root.

Recommendations

For TightAuction version 3.0, consider moving the config.inc file outside of the web document root or implementing proper access controls to restrict unauthorized access to this file. As a temporary workaround, restrict access to the config.inc file to minimize the risk of exploitation.
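
An added example, not part of the advisory or of TightAuction: a local audit for the recommendation above that lists .inc files still sitting under a document root and counts the credential-like lines in each. The function name, the regular expression and the sample file contents are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Heuristic (an assumption, not TightAuction's real config format):
# an assignment-like line whose key names a user or a password.
CREDENTIAL_RE = re.compile(r"(?i)\b(db_?)?(user(name)?|pass(word|wd)?)\b\s*[=:]")


def find_exposed_includes(docroot, extensions=(".inc",)):
    """Return a sorted list of (path relative to docroot, hit count) for every
    file under docroot whose extension is in `extensions`. The hit count is
    the number of credential-like lines, or -1 if the file cannot be read."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if os.path.splitext(name)[1].lower() not in extensions:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", errors="replace") as fh:
                    hits = sum(1 for line in fh if CREDENTIAL_RE.search(line))
            except OSError:
                hits = -1  # unreadable by the auditing account
            findings.append((os.path.relpath(path, docroot), hits))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed document root with a constructed config.inc, for the demo only.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "auction"))
        with open(os.path.join(root, "auction", "config.inc"), "w") as fh:
            fh.write('$db_user = "auction";\n$db_pass = "example-only";\n')
        for rel, hits in find_exposed_includes(root):
            if hits:
                print(f"{rel}: {hits} credential-like line(s); "
                      "move outside the document root or deny access")
            else:
                print(f"{rel}: no credential-like lines found")
```

A file reported with a non-zero count is a candidate for relocation outside the document root; whether the server actually returns it as text depends on the handlers configured for that extension.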


Related identifiers

CVE-2002-1886

Affected products

Tightauction