PT-2006-5365 · Unknown · The Address Book

Published

2006-12-31

Updated

2017-07-20

CVE-2006-4578

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions The Address Book version 1.04e

Description The issue allows remote attackers to obtain sensitive information by accessing a publicly accessible file that contains username and password hash information. This occurs when the export.php file dumps the MySQL database contents.

Recommendations For version 1.04e, consider restricting access to the export.php file to prevent remote attackers from obtaining sensitive information. As a temporary workaround, avoid using the export functionality until a fix is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-4578

Affected Products

The Address Book

PT-2006-5365 · Unknown · The Address Book

CVE-2006-4578

Related Identifiers

Affected Products

References · 6