PT-2006-1441 · Rcblog · Rcblog
Aliaksandr Hartsuyeu · Published 2006-01-22 · Updated 2024-02-14 · CVE-2006-0370
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
RCBlog version 1.03
Description
The issue allows remote attackers to view account names and MD5 password hashes because the data and config directories are stored under the web root with insufficient access control.
Recommendations
For RCBlog version 1.03, restrict access to the data and config directories to prevent remote viewing of sensitive information. Keep this restriction in place as a temporary workaround until a proper fix is applied.
Affected Products
Rcblog