Vulnerability Description
Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) config.txt files under the web document root, which allows remote attackers to obtain sensitive information and crack passwords via a direct request to these files.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sphpblog | Sphpblog | 0.4_.0 |
References
- http://echo.or.id/adv/adv12-y3dips-2005.txtExploitVendor Advisory
- http://marc.info/?l=bugtraq&m=111359320312609&w=2
- http://www.waraxe.us/ftopict-651.htmlExploitVendor Advisory
- http://echo.or.id/adv/adv12-y3dips-2005.txtExploitVendor Advisory
- http://marc.info/?l=bugtraq&m=111359320312609&w=2
- http://www.waraxe.us/ftopict-651.htmlExploitVendor Advisory
FAQ
What is CVE-2005-1136?
CVE-2005-1136 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) config.txt files under the web document root, which allows remote attackers to obtain sensitive information and crack passwords via...
How severe is CVE-2005-1136?
CVE-2005-1136 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1136?
Check the references section above for vendor advisories and patch information. Affected products include: Sphpblog Sphpblog.