Chb

**Name of the Vulnerable Software and Affected Versions** Archilles Newsworld versions prior to 1.5.0-rc1 **Description** The issue allows remote attackers to obtain sensitive information, including usernames, hashed passwords, and session IDs, and potentially gain privileges due to insufficient access control of certain files stored under the web root. **Recommendations** For versions prior to 1.5.0-rc1, update to version 1.5.0-rc1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `account.nwd` and `session.nwd` files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Archilles Newsworld versions up to 1.3.0 **Description** The issue allows attackers to bypass authentication by obtaining the password hash for another user and specifying the hash in the `pwd` argument. This can be achieved, for example, through another Newsworld vulnerability. **Recommendations** For Archilles Newsworld versions up to 1.3.0, update to a version later than 1.3.0 to resolve the issue. As a temporary workaround, consider restricting access to the admin news.php file to minimize the risk of exploitation. Avoid using the `pwd` argument in the admin news.php file until the issue is resolved.