CVE-2008-5765

Name of the Vulnerable Software and Affected Versions WorkSimple version 1.2.1

Description The issue allows remote attackers to download a database file containing usernames and passwords due to insufficient access control of sensitive information stored under the web root. This can be achieved via a direct request for the data/usr.txt file.

Recommendations For WorkSimple version 1.2.1, consider restricting access to the data/usr.txt file to prevent unauthorized downloads until a proper fix is applied. As a temporary workaround, limit access to sensitive information stored under the web root.