CVE-2006-5316

registroTL stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for /usuarios.dat.

Score7.8
Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactCOMPLETE
Integrity ImpactNONE
Availability ImpactNONE
Published2006-10-17 01:07:00.000-04
Last Modified2018-10-17 05:42:09.000-04

Vulnerable Software List

VendorProductVersions
Phplibre Registrotl 0.1b, 0.5b

References

SourceLink
MISChttp://acid-root.new.fr/poc/13061007.txt
SREASON1734
BUGTRAQ20061007 7 php scripts File Inclusion / Source disclosure Vuln
EXPLOIT-DB2502