Leif M. Wrights Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrators password.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Web_blog | Leif_m._wright | 3.5 (including) | 3.5 (including) |
References
- http://secunia.com/advisories/18923
- http://securityreason.com/securityalert/522
- http://www.evuln.com/vulns/82/summary.html
- http://www.securityfocus.com/bid/16712
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24752
- http://secunia.com/advisories/18923
- http://securityreason.com/securityalert/522
- http://www.evuln.com/vulns/82/summary.html
- http://www.securityfocus.com/bid/16712
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24752