CVE-2006-0352

Name of the Vulnerable Software and Affected Versions Fluffington FLog versions 1.01 through 1.1.2

Description The default configuration of the software installs a sensitive file under the web document root with insufficient access control. This could allow remote attackers to obtain sensitive information, such as login credentials, via a direct request.

Recommendations For versions 1.01 through 1.1.2, consider restricting access to sensitive files, such as users.0.dat, to prevent remote attackers from obtaining sensitive information. As a temporary workaround, restrict access to the web document root until a proper fix is applied.