Improper access control

2007-01-3018:28:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.4%

JSON

Siteman 2.0.x2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for db/siteman/users.MYD.

CPENameOperatorVersion
sitemaneq2.0.0-x2

CPE	Name	Operator	Version
	siteman	eq	2.0.0-x2

References

osvdb.org/33590

securityreason.com/securityalert/2206

www.securityfocus.com/archive/1/458081/100/0/threaded