CVE-2005-1136

Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) config.txt files under the web document root, which allows remote attackers to obtain sensitive information and crack passwords via a direct request to these files.

Published: Apr 14, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-1136
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
sphpblog / sphpblog	0.4_.0	0.4_.0.x

http://echo.or.id/adv/adv12-y3dips-2005.txt
http://marc.info/?l=bugtraq&m=111359320312609&w=2
http://www.waraxe.us/ftopict-651.html

Vulnerability Database

CVE-2005-1136