Description

PhpMyFaq 1.5.1 stores data files under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain sensitive information via a direct request to the data/tracking[DATE] file.

Remediation

References

CVE-2005-3049

Related Vulnerabilities

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-6148)

WordPress Plugin Post Lists View Custom Cross-Site Scripting (1.7.1)

Jenkins CVE-2021-21682 Vulnerability (CVE-2021-21682)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-26035)

WordPress Plugin WP Post to PDF Enhanced Cross-Site Scripting (1.0.5)

Severity

Medium

Classification

CVE-2005-3049

Tags

Missing Update Known Vulnerabilities