PT-2005-1965 · Ublog · Ublog Reload
3Nitro
·
Published
2005-03-30
·
Updated
2016-10-18
·
CVE-2005-0938
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Ublog Reload versions 1.0 through 1.0.4
Description
The issue allows remote attackers to read usernames and hashed passwords by making a direct request to the
ublogreload.mdb file, which is stored under the web root.Recommendations
For versions 1.0 through 1.0.4, consider restricting access to the
ublogreload.mdb file to prevent unauthorized reading of sensitive data.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ublog Reload