CVE-2005-2229

Name of the Vulnerable Software and Affected Versions: Blog Torrent versions 0.92 and earlier

Description: The issue allows remote attackers to obtain sensitive information, such as account names and password hashes, due to insufficient access control of sensitive files stored under the web document root in the data or torrents directories. This can be demonstrated by accessing data/newusers.

Recommendations: For Blog Torrent versions 0.92 and earlier, consider restricting access to the data and torrents directories to minimize the risk of exploitation. As a temporary workaround, limit access to sensitive files within these directories until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.