Description

WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log.

Remediation

References

CVE-2008-7118

Related Vulnerabilities

Squid Improper Input Validation Vulnerability (CVE-2016-2570)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-2202)

WordPress Plugin Metronet Tag Manager Cross-Site Request Forgery (1.2.7)

MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2023-45369)

Atlassian Jira Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-6531)

Severity

Medium

Classification

CVE-2008-7118 CWE-264

Tags

Missing Update Known Vulnerabilities