Summary
Singapore is a PHP based photo gallery web application.
Due to inaddequate security settings, the file used to stored the administrative password is easily accessible, and the MD5 with which the product protects the password is feasibably crackable.
Solution
Use the web site's ACL to deny access to the file adminusers.csv.
Severity
Classification
-
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C
Related Vulnerabilities
- Baby Gekko CMS Multiple Vulnerabilities
- b2ePMS Multiple SQL Injection Vulnerabilities
- AlienVault OSSIM 'date_from' Parameter Multiple SQL Injection Vulnerabilities
- AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability
- Apache Axis2 Document Type Declaration Processing Security Vulnerability