CVE-2005-2029

amaroK Web Frontend 1.3 stores the globals.inc file under the web root without a .php extension and insufficient access control, which allows remote attackers to obtain the database username and password via a direct request to the file.

Published: Jun 17, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-2029
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
amarok / web_frontend	1.3	1.3.x

http://secunia.com/advisories/15736
http://sourceforge.net/project/shownotes.php?release_id=335719

Vulnerability Database

290,018

CVE-2005-2029