vendor:
SimpleBBS
by:
SecurityFocus
7.5
CVSS
HIGH
Insecure Permissions
276
CWE
Product Name: SimpleBBS
Affected Version From: 1.0.6
Affected Version To: 1.0.6
Patch Exists: NO
Related CWE: N/A
CPE: a:simplebbs:simplebbs:1.0.6
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
SimpleBBS World-Readable Files Vulnerability
SimpleBBS reportedly creates sensitive files with world-readable permissions. As a result anyone who has access to SimpleBBS web resources may access confidential information stored in the SimpleBBS user database.
Mitigation:
Ensure that all files created by SimpleBBS are not world-readable.
