Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for slog_users.txt.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Simple_text-file_login_script | Mariovaldez | 1.0.6 (including) | 1.0.6 (including) |