CVE-2005-3551

2005-11-1607:37:00

mitre

www.cve.org

6.2 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.1%

JSON

toendaCMS before 0.6.2 stores user account and session data in the web root directory, which allows remote attackers to obtain sensitive information via a direct request to the appropriate XML file.

References

secunia.com/advisories/17471

www.securityfocus.com/archive/1/415975/30/0/threaded

www.vupen.com/english/advisories/2005/2343