PT-2003-2486 · Planetmoon · Planetmoon Guestbook

Published

2003-12-31

Updated

2018-10-19

CVE-2003-1541

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions PlanetMoon Guestbook tr3.a

Description The issue allows remote attackers to obtain sensitive information, including the admin script password and other passwords, by making a direct request to files/passwd.txt due to insufficient access control.

Recommendations For PlanetMoon Guestbook tr3.a, restrict access to the files/passwd.txt to minimize the risk of exploitation. Consider implementing proper access controls to sensitive information stored under the web root.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2003-1541

Affected Products

Planetmoon Guestbook

PT-2003-2486 · Planetmoon · Planetmoon Guestbook

CVE-2003-1541

Weakness Enumeration

Related Identifiers

Affected Products

References · 8