CVE-2006-1412

Name of the Vulnerable Software and Affected Versions TFT Gallery version 0.10

Description The issue allows remote attackers to download the admin password file and obtain password hashes via a direct request to "admin/passwd". This is due to insufficient access control of sensitive information stored under the web root.

Recommendations For TFT Gallery version 0.10, consider restricting access to the "admin/passwd" file until a patch is available. As a temporary workaround, limit access to the admin directory to minimize the risk of exploitation.