CVE-2007-4157

Name of the Vulnerable Software and Affected Versions PHPBlogger (affected versions not specified)

Description The issue allows remote attackers to download a database containing an admin password hash via a direct request for data/pref.db. This can be easily leveraged for administrative access because composing the authentication cookie only requires the password hash, not the cleartext version.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.