CVE-2006-7114

Name of the Vulnerable Software and Affected Versions P-News version 2.0

Description The issue allows remote attackers to obtain sensitive information, such as usernames and password hashes, via a direct request to the db/user.txt file due to insufficient access control.

Recommendations For P-News version 2.0, restrict access to the db/user.txt file to prevent remote attackers from obtaining sensitive information. Consider moving the file outside of the web document root or implementing proper access controls to mitigate the risk.