Vendor: CF Image Hosting Script
By: Dr.$audi
CVSS: 8,8 HIGH
Information Disclosure
CWE: 200
Product Name: CF Image Hosting Script
Affected Version From: 1.3
Affected Version To: 1.3
Patch Exists: No
Related CWE: N/A
CPE: a:codefuture:cf_image_hosting_script:1.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

CF Image Hosting script 1.3 (settings.cdb) Information Disclosure Vulnerability

CF Image Hosting script version 1.3 stores its settings.cdb file, which contains sensitive information such as the database username and password, in the upload/data directory. Because that directory is accessible to the public, an attacker can view the file directly.

Mitigation:

The settings.cdb file should be moved to a directory that is not accessible to the public.
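
Since no patch exists, operators also need to know whether the file has already been fetched. The following is an added example, not part of the original advisory or the vendor's code: it scans web server access logs for requests to upload/data/settings.cdb and separates served responses from blocked ones. It assumes Apache/nginx "combined" log format; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Apache/nginx "combined" log format: client, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# Path from the advisory; matched under any install prefix, case-insensitively.
SENSITIVE = re.compile(r'(^|/)upload/data/settings\.cdb$', re.IGNORECASE)


def find_settings_requests(lines):
    """Return one dict per logged request for upload/data/settings.cdb."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        # Drop the query string, decode %xx escapes, collapse duplicate slashes.
        path = re.sub(r'/+', '/', unquote(m['target'].split('?', 1)[0]))
        if not SENSITIVE.search(path):
            continue
        status = int(m['status'])
        # 200/206 with a non-empty body means the file content left the server.
        disclosed = status in (200, 206) and m['size'] not in ('-', '0')
        hits.append({'client': m['client'], 'time': m['ts'], 'path': path,
                     'status': status, 'disclosed': disclosed})
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [29/Aug/2010:10:01:02 +0000] "GET /upload/data/settings.cdb HTTP/1.1" 200 412 "-" "-"',
    '198.51.100.7 - - [29/Aug/2010:10:01:09 +0000] "GET /img/upload/data/Settings%2Ecdb?x=1 HTTP/1.1" 200 412 "-" "-"',
    '203.0.113.9 - - [29/Aug/2010:10:02:00 +0000] "GET /upload/data/settings.cdb HTTP/1.1" 403 199 "-" "-"',
    '203.0.113.9 - - [29/Aug/2010:10:02:05 +0000] "GET /upload/images/cat.png HTTP/1.1" 200 20480 "-" "-"',
]

if __name__ == '__main__':
    for hit in find_settings_requests(SAMPLE_LOG):
        verdict = 'DISCLOSED, rotate credentials' if hit['disclosed'] else 'blocked'
        print(hit['time'], hit['client'], hit['path'], hit['status'], verdict)
```

Any hit marked as disclosed means the database credentials in settings.cdb should be treated as compromised and changed after the file is moved.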

Exploit-DB raw data:

### Title: CF Image Hosting script 1.3 (settings.cdb) Information Disclosure Vulnerability ###
#######################################
#
# By: Dr.$audi
# Home: sa-virus.com
# Email: Mon7b6@gmail.com
# Date: aug 29th 2010
# Greez to: all sa-virus and v4-team members .
#
#######################################
#
# Script: CF Image Hosting script v 1.3
# HomePage: www.codefuture.co.uk/projects/imagehost1.3/
#
#######################################
#
# Exploit:
# 
# http://server/upload/data/settings.cdb
#
#######################################