PT-2005-2152 · Sphpblog · Simple Php Blog
Y3Dips
·
Publicado
2005-04-14
·
Atualizado
2016-10-18
·
CVE-2005-1136
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Simple PHP Blog (sphpBlog) version 0.4.0
Description
The issue allows remote attackers to obtain sensitive information by directly requesting certain files. This includes accessing the
password.txt and config.txt files, potentially leading to password cracking.Recommendations
For Simple PHP Blog (sphpBlog) version 0.4.0, consider moving the
password.txt and config.txt files outside of the web document root to prevent direct access. As a temporary workaround, restrict access to these files until a proper fix is applied.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Simple Php Blog