PlanetMoon Guestbook tr3.a stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin script password, and other passwords, via a direct request to files/passwd.txt.
References
Configurations
History
20 Nov 2024, 23:47
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/8392 - | |
References | () http://securityreason.com/securityalert/3653 - | |
References | () http://www.securityfocus.com/archive/1/315895/30/25400/threaded - | |
References | () http://www.securityfocus.com/bid/7167 - | |
References | () http://www.securitytracker.com/id?1006360 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/11609 - |
Information
Published : 2003-12-31 05:00
Updated : 2024-11-20 23:47
NVD link : CVE-2003-1541
Mitre link : CVE-2003-1541
CVE.ORG link : CVE-2003-1541
JSON object : View
Products Affected
planetmoon
- guestbook
CWE
CWE-264
Permissions, Privileges, and Access Controls