CVE-2002-1886

2022-10-0316:23:48

mitre

www.cve.org

tightauction 3.0

config.inc

access control

vulnerability

database

username

password

6.7 Medium

AI Score

Confidence

Low

0.027 Low

EPSS

Percentile

90.4%

JSON

TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password.

References

archives.neohapsis.com/archives/bugtraq/2002-10/0016.html

www.iss.net/security_center/static/10310.php

www.securityfocus.com/bid/5850