CVE-2005-1648

2022-10-0316:22:41

mitre

www.cve.org

gurgens ultimate forum

database file

access control

usernames

passwords

6.7 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.6%

JSON

Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database file under the web document root with insufficient access control, which allows remote attackers to obtain and decrypt usernames and passwords.

References

archives.neohapsis.com/archives/fulldisclosure/2005-05/0350.html

secunia.com/advisories/15374

securitytracker.com/id?1013974