PT-2009-2239 · Yourplace · Yourplace

Osirys

Published

2009-04-29

Updated

2017-09-29

CVE-2008-6770

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: YourPlace versions 1.0.2 and earlier

Description: The issue allows remote attackers to access a database containing user credentials via a direct request for users.txt, due to insufficient access control of sensitive information stored under the web root.

Recommendations: For versions 1.0.2 and earlier, restrict access to the users.txt file to prevent unauthorized access to user credentials. Consider relocating sensitive information outside of the web root or implementing proper access controls to mitigate the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2008-6770

Affected Products

Yourplace

PT-2009-2239 · Yourplace · Yourplace

CVE-2008-6770

Weakness Enumeration

Related Identifiers

Affected Products

References · 5