PHP-Gastebuch Information Disclosure Vulnerabilities

vendor:

PHP-Gastebuch

by:

SecurityFocus

4.3

CVSS

MEDIUM

Information Disclosure

200

CWE

Product Name: PHP-Gastebuch

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

PHP-Gastebuch Information Disclosure Vulnerabilities

PHP-Gastebuch has been reported prone to multiple information disclosure vulnerabilities. The issue presents itself because the affected software fails to sufficiently control access to sensitive files contained in the PHP-Gastebuch installation. It has been reported that an attacker may make a request for several sensitive PHP-Gastebuch files, and in doing so reveal potentially sensitive information including administrative MD5 password hashes.

Mitigation:

Ensure that access to sensitive files is properly restricted and that all files are kept up to date with the latest security patches.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8270/info

PHP-Gastebuch has been reported prone to multiple information disclosure vulnerabilities. The issue presents itself because the affected software fails to sufficiently control access to sensitive files contained in the PHP-Gastebuch installation.

It has been reported that an attacker may make a request for several sensitive PHP-Gastebuch files, and in doing so reveal potentially sensitive information including administrative MD5 password hashes.

Information collected in this way may be used to mount further attacks against the affected system.

http://www.example.com/guestbook/guestbookdat 
http://www.example.com/guestbook/pwd