Lucene search

[email protected]CVE-2006-5316

HistoryOct 17, 2006 - 5:07 p.m.

CVE-2006-5316

2006-10-1717:07:00

[email protected]

web.nvd.nist.gov

registrotl

sensitive information

web root

access control

remote attackers

database download

usuarios.dat

nvd

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.0%

JSON

registroTL stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for /usuarios.dat.

Affected configurations

NVD

Node

phplibreregistrotlMatch0.1b

phplibreregistrotlMatch0.5b

CPENameOperatorVersion
phplibre:registrotlphplibre registrotleq0.1b
phplibre:registrotlphplibre registrotleq0.5b

CPE	Name	Operator	Version
phplibre:registrotl	phplibre registrotl	eq	0.1b
phplibre:registrotl	phplibre registrotl	eq	0.5b

References

acid-root.new.fr/poc/13061007.txt

securityreason.com/securityalert/1734

www.securityfocus.com/archive/1/448096/100/0/threaded

www.exploit-db.com/exploits/2502

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.0%

JSON

Related for CVE-2006-5316

cvelist1 nvd1