vendor:
PHP Advanced Transfer Manager
by:
5.5
CVSS
MEDIUM
Unauthorized Access
CWE
Product Name: PHP Advanced Transfer Manager
Affected Version From: 1.3
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
PHP Advanced Transfer Manager Unauthorized Access
Access to sensitive files containing authentication credentials is not restricted, allowing remote attackers to obtain a user's password hash and authenticate to the service using a cookie.
Mitigation:
Implement access restrictions to sensitive files and ensure proper authentication mechanisms are in place.