vendor:
Smart PHP Subscriber
by:
Milos Zivanovic
3.3
CVSS
MEDIUM
Multiple Disclosure Vulnerabilities
200
CWE
Product Name: Smart PHP Subscriber
Affected Version From: the only one there is
Affected Version To: the only one there is
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: PHP
2009
Smart PHP Subscriber Multiple Disclosure Vulnerabilities
Admin password is saved locally in pwd.txt file with some simple encoding. List of subscribed emails is saved locally in subscribe.txt file with base64 encoding. Each line holds info about 1 subscriber.
Mitigation:
Ensure that sensitive information is not stored in plaintext or easily reversible formats.