Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web root, which allows remote attackers to read usernames and hashed passwords via a direct request to ublogreload.mdb.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ublog_reload | Uapplication | 1.0.3 | 1.0.3 |
Ublog_reload | Uapplication | 1.0 | 1.0 |
Ublog_reload | Uapplication | 1.0.1 | 1.0.1 |
Ublog_reload | Uapplication | 1.0.2 | 1.0.2 |
Ublog_reload | Uapplication | 1.0.4 | 1.0.4 |