Описание
Dayfox Blog 2.0 and earlier stores user credentials in edit/slog_users.txt under the web document root with insufficient access control, which allows remote attackers to gain privileges.
Ссылки
- ExploitVendor Advisory
- Vendor Advisory
- ExploitVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.0 (включая)
cpe:2.3:a:dayfox_designs:dayfox_blog:*:*:*:*:*:*:*:*
EPSS
Процентиль: 82%
0.01666
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Dayfox Blog 2.0 and earlier stores user credentials in edit/slog_users.txt under the web document root with insufficient access control, which allows remote attackers to gain privileges.
EPSS
Процентиль: 82%
0.01666
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other