Description

PhpMyFaq 1.5.1 stores data files under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain sensitive information via a direct request to the data/tracking[DATE] file.

Remediation

References

CVE-2005-3049

Related Vulnerabilities

Artifactory Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10324)

IBM WebSEAL Improper Input Validation Vulnerability (CVE-2019-4036)

WebLogic CVE-2020-14636 Vulnerability (CVE-2020-14636)

WordPress Plugin Tutor LMS-eLearning and online course solution Cross-Site Scripting (1.9.5)

WordPress Plugin WP e-Commerce-Store Toolkit Privilege Escalation (2.0)

Severity

Medium

Classification

CVE-2005-3049

Tags

Missing Update Known Vulnerabilities