Description
WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log.
Remediation
References
Related Vulnerabilities
PHP Improper Input Validation Vulnerability (CVE-2016-4071)
WordPress Plugin WP-Matomo (WP-Piwik) Unspecified Vulnerability (1.0.18)
Oracle JRE CVE-2011-3547 Vulnerability (CVE-2011-3547)
Plone CMS Other Vulnerability (CVE-2006-1711)
WordPress Plugin Accessibility Suite by Online ADA SQL Injection (2.0.10)