Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an admin password hash via a direct request for data/gbconfiguration.dat.
References
Link | Resource |
---|---|
http://downloads.securityfocus.com/vulnerabilities/exploits/22754.py | Exploit |
http://osvdb.org/33868 | |
http://secunia.com/advisories/24392 | |
http://www.securityfocus.com/bid/22754 | Exploit Vendor Advisory |
Configurations
History
No history.
Information
Published : 2007-03-02 21:18
Updated : 2023-12-10 10:40
NVD link : CVE-2007-1192
Mitre link : CVE-2007-1192
CVE.ORG link : CVE-2007-1192
JSON object : View
Products Affected
hyperbook
- guestbook
CWE