Improper access control

2007-03-0221:18:00

PRIOn knowledge base

www.prio-n.com

5513

7 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

88.9%

JSON

Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an admin password hash via a direct request for data/gbconfiguration.dat.

CPENameOperatorVersion
guestbookeq1.30

CPE	Name	Operator	Version
	guestbook	eq	1.30

References

downloads.securityfocus.com/vulnerabilities/exploits/22754.py

osvdb.org/33868

secunia.com/advisories/24392

www.securityfocus.com/bid/22754