Описание
Archilles Newsworld before 1.5.0-rc1 stores (1) account.nwd and (2) session.nwd under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames, hashed passwords, and session IDs, and gain privileges.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.5.0_rc1 (включая)
Одно из
cpe:2.3:a:archilles:newsworld:*:*:*:*:*:*:*:*
cpe:2.3:a:archilles:newsworld:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:archilles:newsworld:1.3.2:*:*:*:*:*:*:*
EPSS
Процентиль: 75%
0.00874
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Archilles Newsworld before 1.5.0-rc1 stores (1) account.nwd and (2) session.nwd under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames, hashed passwords, and session IDs, and gain privileges.
EPSS
Процентиль: 75%
0.00874
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other