PHPBoost 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain backup SQL files via a direct request for predictable filenames in cache/backup/.
References
Link | Resource |
---|---|
http://www.exploit-db.com/exploits/17085 | Exploit |
http://secunia.com/advisories/43949 | Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/66474 |
Configurations
Information
Published : 2011-04-09 19:51
Updated : 2017-08-16 18:34
NVD link : CVE-2011-1665
Mitre link : CVE-2011-1665
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
phpboost
- phpboost