CVE-2005-2029

Name of the Vulnerable Software and Affected Versions amoroK Web Frontend version 1.3

Description The issue allows remote attackers to obtain the database username and password due to insufficient access control and the storage of the globals.inc file under the web root without a .php extension. This can be achieved via a direct request to the file.

Recommendations For amaroK Web Frontend version 1.3, consider restricting access to the globals.inc file to prevent direct requests, or rename the file to include a .php extension to prevent unauthorized access. As a temporary workaround, restrict access to the vulnerable file to minimize the risk of exploitation.