Description

WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log.

Remediation

References

CVE-2008-7118

Related Vulnerabilities

MySQL CVE-2014-4287 Vulnerability (CVE-2014-4287)

Apache 2.x version older than 2.0.45

Magento Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-7871)

YOURLS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3785)

Apache HTTP Server Other Vulnerability (CVE-2002-2103)

Severity

Medium

Classification

CVE-2008-7118 CWE-264

Tags

Missing Update Known Vulnerabilities