CVE-2008-7118

Name of the Vulnerable Software and Affected Versions WeBid auction script version 0.5.4

Description The issue allows remote attackers to obtain SQL query logs due to insufficient access control. This is possible because sensitive information is stored under the web root, enabling attackers to access logs via a direct request for logs/cron.log.

Recommendations For WeBid auction script version 0.5.4, consider restricting access to the logs directory to prevent unauthorized access to sensitive information. As a temporary workaround, restrict access to the logs/cron.log file until a more permanent solution is implemented.