CVE-2005-3551
CVE-2005-3551 concerns toendaCMS prior to 0.6.2, where user account and session data are stored in the web root as XML files. An unauthenticated attacker can retrieve these files via direct HTTP requests, potentially exposing password hashes and other sensitive information. The core issue is impr...