PT-2008-3771 · Unknown · Freelance Auction Script

T0Pp8Uzz

Published

2008-05-16

Updated

2017-09-29

CVE-2008-2279

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Freelance Auction Script version 1.0

Description: The issue allows attackers to gain privileges by reading the tbl users table, which stores user passwords in plaintext.

Recommendations: For Freelance Auction Script version 1.0, consider implementing password hashing to securely store user passwords, and restrict access to the tbl users table to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-255

Related Identifiers

CVE-2008-2279

Affected Products

Freelance Auction Script

PT-2008-3771 · Unknown · Freelance Auction Script

CVE-2008-2279

Weakness Enumeration

Related Identifiers

Affected Products

References · 3