WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive information via an HTTP request for the logicworks.ini file, which contains the MySQL database username and password.
References
Configurations
History
20 Nov 2024, 23:47
Type | Values Removed | Values Added |
---|---|---|
References | () http://securityreason.com/securityalert/3257 - | |
References | () http://www.securityfocus.com/archive/1/313575 - | |
References | () http://www.securityfocus.com/bid/6996 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/11443 - |
Information
Published : 2003-12-31 05:00
Updated : 2024-11-20 23:47
NVD link : CVE-2003-1383
Mitre link : CVE-2003-1383
CVE.ORG link : CVE-2003-1383
JSON object : View
Products Affected
logicworks
- web_erp
CWE
CWE-264
Permissions, Privileges, and Access Controls