Description

PhpMyFaq 1.5.1 stores data files under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain sensitive information via a direct request to the data/tracking[DATE] file.

Remediation

References

CVE-2005-3049

Related Vulnerabilities

SugarCRM Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3803)

CubeCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-1550)

Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-4225)

WordPress Plugin WordPress Gallery MaxGalleria Unspecified Vulnerability (6.0.8)

WordPress Plugin WP Smart Security PHP Object Injection (1.0)

Severity

Medium

Classification

CVE-2005-3049

Tags

Missing Update Known Vulnerabilities