Required CVE Record Information
Description
FubarForum 1.6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv.
References 3 Total
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 3 Total
- securityfocus.com: 20090317 [ECHO_ADV_107$2009] FubarForum <= 1.6 Critical File Disclosure Vulnerability mailing-listx_transferred
- secunia.com: 34358 third-party-advisoryx_transferred
- http://e-rdc.org/v1/news.php?readmore=131 x_transferred