Описание
P-News 1.16 and 1.17 store sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for db/user.dat.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:p-news:p-news:1.16:*:*:*:*:*:*:*
cpe:2.3:a:p-news:p-news:1.17:*:*:*:*:*:*:*
EPSS
Процентиль: 90%
0.05379
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
P-News 1.16 and 1.17 store sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for db/user.dat.
EPSS
Процентиль: 90%
0.05379
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other