Improper access control

2007-12-2000:46:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.4%

JSON

phpRPG 0.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read session ID values in files under tmp/, and then hijack sessions via PHPSESSID cookies.

CPENameOperatorVersion
phprpgeq0.8

CPE	Name	Operator	Version
	phprpg	eq	0.8

References

secunia.com/advisories/27968

www.securityfocus.com/bid/26884

marc.info/?l=bugtraq&m=119774326804168&w=2