PT-2002-2608 · Tightauction · Tightauction

Published: 2002-12-31 · Updated: 2008-09-05 · CVE-2002-1886

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

TightAuction version 3.0

Description

The issue allows remote attackers to obtain the database username and password due to insufficient access control of the config.inc file, which is stored under the web document root.

Recommendations

For TightAuction version 3.0, consider moving the config.inc file outside of the web document root or implementing proper access controls to restrict unauthorized access to this file. As a temporary workaround, restrict access to the config.inc file to minimize the risk of exploitation.
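
To check whether the recommendation has been applied on a host, the following added example (not part of the original advisory or of TightAuction) walks a document root and reports credential-bearing files that a web server would return as plain text. The extension list, the credential pattern, the directory layout and the sample file contents are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: extensions a web server commonly returns as plain text
# instead of handing to the PHP interpreter.
RAW_SERVED_EXTS = {".inc", ".bak", ".old", ".orig", ".txt", ".ini", ".conf"}

# Assumption: assignments to names containing "user" or "pass" indicate credentials.
CRED_RE = re.compile(r"(?i)\b\w*(user|pass(word|wd)?)\w*\s*=")


def find_exposed_configs(docroot):
    """Return sorted docroot-relative paths of raw-served files holding credentials."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if os.path.splitext(name)[1].lower() not in RAW_SERVED_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", errors="replace") as fh:
                    text = fh.read(65536)  # config files are small; cap the read
            except OSError:
                continue  # unreadable by the auditing user; skip
            if CRED_RE.search(text):
                hits.append(os.path.relpath(path, docroot).replace(os.sep, "/"))
    return sorted(hits)


def demo():
    """Build a constructed site layout and audit its document root."""
    with tempfile.TemporaryDirectory() as base:
        docroot = os.path.join(base, "htdocs")
        os.makedirs(os.path.join(docroot, "auction"))
        os.makedirs(os.path.join(base, "private"))
        sample = '<?php $db_user = "example"; $db_pass = "placeholder"; ?>\n'
        files = {
            "htdocs/auction/config.inc": sample,     # flagged: inside docroot
            "htdocs/auction/index.php": sample,      # skipped: executed, not served raw
            "htdocs/readme.txt": "install notes\n",  # skipped: no credentials
            "private/config.inc": sample,            # not scanned: outside docroot
        }
        for rel, body in files.items():
            with open(os.path.join(base, *rel.split("/")), "w") as fh:
                fh.write(body)
        return find_exposed_configs(docroot)


if __name__ == "__main__":
    print(demo())
```

An empty result after relocating config.inc confirms that no credential file of the listed types remains under the document root; it does not confirm how the server treats extensions outside the list.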


Related Identifiers

CVE-2002-1886

Affected Products

Tightauction