Description

PhpMyFaq 1.5.1 stores data files under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain sensitive information via a direct request to the data/tracking[DATE] file.

Remediation

References

CVE-2005-3049

Related Vulnerabilities

Liferay DXP Incorrect Default Permissions Vulnerability (CVE-2021-33334)

MediaWiki Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-5687)

Apache Tomcat Use of Incorrectly-Resolved Name or Reference Vulnerability (CVE-2025-24813)

WordPress Plugin Nextend Facebook Connect Unspecified Vulnerability (1.5.7)

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2006-0369)

Severity

Medium

Classification

CVE-2005-3049

Tags

Missing Update Known Vulnerabilities