Micro Login System 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a password via a direct request for userpwd.txt.
References
Configurations
History
No history.
Information
Published : 2007-11-01 16:46
Updated : 2024-02-04 17:13
NVD link : CVE-2007-5787
Mitre link : CVE-2007-5787
CVE.ORG link : CVE-2007-5787
JSON object : View
Products Affected
phptoys
- micro_login_system
CWE
CWE-264
Permissions, Privileges, and Access Controls