Note-A-Day Weblog 2.2 stores sensitive data under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to archive/.phpass-admin, which contains encrypted passwords.
References
Configurations
Information
Published : 2006-01-24 18:03
Updated : 2017-07-19 18:29
NVD link : CVE-2006-0404
Mitre link : CVE-2006-0404
JSON object : View
CWE
Products Affected
mike_macgirvin
- note-a-day_weblog