CVE-2008-5855

Name of the Vulnerable Software and Affected Versions myPHPscripts Login Session version 2.0

Description The issue allows remote attackers to discover sensitive information, including usernames, e-mail addresses, and password hashes, by making a direct request for the users.txt file. This is due to insufficient access control for sensitive information stored under the web root.

Recommendations For myPHPscripts Login Session version 2.0, consider restricting access to the users.txt file to prevent unauthorized disclosure of sensitive information. As a temporary workaround, restrict access to the web root directory to minimize the risk of exploitation.