Описание
PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for a users/[USERNAME] file.
PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for a users/[USERNAME] file.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2006-1209
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25127
- http://biyosecurity.be/bugs/patm.txt
- http://secunia.com/advisories/17134
- http://securityreason.com/securityalert/565
- http://www.blogcu.com/Liz0ziM/316652
- http://www.securityfocus.com/archive/1/427216/100/0/threaded
- http://www.securityfocus.com/archive/1/437513/100/200/threaded
EPSS
CVE ID
Связанные уязвимости
PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for a users/[USERNAME] file.
EPSS