CVE-2005-1586

2005-05-1404:00:00

mitre

www.cve.org

quick.forum

sensitive information

web document root

remote attackers

backups

AI Score

6.3

Confidence

Low

EPSS

0.006

Percentile

78.1%

JSON

Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to (1) db/users.txt, (2) db/banList.txt, (3) db/censureWords.txt, or (4) backup files.

References

lostmon.blogspot.com/2005/05/quickforum-topic-field-xss-and-page.html

secunia.com/advisories/15200

www.osvdb.org/16328

www.osvdb.org/16329