Description

PhpMyFaq 1.5.1 stores data files under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain sensitive information via a direct request to the data/tracking[DATE] file.

Remediation

References

CVE-2005-3049

Related Vulnerabilities

e107 Other Vulnerability (CVE-2006-0682)

WordPress Plugin BSK PDF Manager Multiple SQL Injection Vulnerabilities (1.3.2)

WordPress Plugin DethemeKit For Elementor Multiple Cross-Site Scripting Vulnerabilities (1.5.5.4)

WordPress Plugin Contact Form by BestWebSoft Cross-Site Scripting (3.51)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4938)

Severity

Medium

Classification

CVE-2005-3049

Tags

Missing Update Known Vulnerabilities