Description
WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log.
Remediation
References
Related Vulnerabilities
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-4306)
WordPress Plugin YouSayToo auto-publishing 'submit' Parameter Cross-Site Scripting (1.0.1)
WordPress Plugin WordPoints Multiple Vulnerabilities (1.7.0)
Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-8156)
WordPress Plugin WooCommerce Multiple Vulnerabilities (6.2.0)