Description

WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log.

Remediation

References

CVE-2008-7118

Related Vulnerabilities

Liferay DXP Incorrect Authorization Vulnerability (CVE-2024-25604)

WordPress Plugin WP User-Custom Registration Forms, Login and User Profile Multiple Vulnerabilities (7.0)

WordPress Plugin WP Human Resource Management Security Bypass (2.2.5)

Oracle JRE CVE-2013-5787 Vulnerability (CVE-2013-5787)

WordPress Plugin Pinblocks-Gutenberg blocks with Pinterest widgets Unspecified Vulnerability (1.0.1)

Severity

Medium

Classification

CVE-2008-7118 CWE-264

Tags

Missing Update Known Vulnerabilities