Vulnerability Description
PHP Web Statistik 1.4 stores the stat.cfg file under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as statistics and the log directory location, possibly including the logdb.dta file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php Web | Statistik | 1.4 |
References
- http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00325.htmlVendor Advisory
- http://freewebstat.com/changelog-english.html
- http://secunia.com/advisories/17789Vendor Advisory
- http://www.osvdb.org/21209
- http://www.osvdb.org/21210
- http://www.ush.it/2005/11/19/php-web-statistik/PatchVendor Advisory
- http://www.vupen.com/english/advisories/2005/2645
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23382
- http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00325.htmlVendor Advisory
- http://freewebstat.com/changelog-english.html
- http://secunia.com/advisories/17789Vendor Advisory
- http://www.osvdb.org/21209
- http://www.osvdb.org/21210
- http://www.ush.it/2005/11/19/php-web-statistik/PatchVendor Advisory
- http://www.vupen.com/english/advisories/2005/2645
FAQ
What is CVE-2005-4013?
CVE-2005-4013 is a vulnerability with a CVSS score of 5.0 (MEDIUM). PHP Web Statistik 1.4 stores the stat.cfg file under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as statistics and the log directo...
How severe is CVE-2005-4013?
CVE-2005-4013 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4013?
Check the references section above for vendor advisories and patch information. Affected products include: Php Web Statistik.