CVE-2006-0404

Name of the Vulnerable Software and Affected Versions Note-A-Day Weblog version 2.2

Description The issue allows remote attackers to obtain sensitive information due to insufficient access control of sensitive data stored under the web document root. This can be achieved via a direct request to the "archive/.phpass-admin" endpoint, which contains encrypted passwords.

Recommendations For Note-A-Day Weblog version 2.2, restrict access to the "archive/.phpass-admin" endpoint to minimize the risk of exploitation. Consider implementing proper access controls for sensitive data stored under the web document root.