CVE-2003-1541

high

Description

PlanetMoon Guestbook tr3.a stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin script password, and other passwords, via a direct request to files/passwd.txt.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/11609

http://www.securitytracker.com/id?1006360

http://www.securityfocus.com/bid/7167

http://www.securityfocus.com/archive/1/315895/30/25400/threaded

http://securityreason.com/securityalert/3653

http://secunia.com/advisories/8392

Details

Source: Mitre, NVD

Published: 2003-12-31

Updated: 2018-10-19

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

Detections

Analytics