Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
PHPBlogger stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing an admin password hash via a direct request for data/pref.db. NOTE: this can be easily leveraged for administrative access because composing the authentication cookie only requires the password hash, not the cleartext version.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHPBlogger web根目录敏感信息泄露漏洞
Vulnerability Description
PHPBlogger 在web根目录储存敏感信息但没有赋予足够的访问控制, 这会允许远程攻击者可以借助对data/pref.db提交一个直接的请求,下载一个包含管理密码信息的数据库。 注意:该漏洞易于造成管理访问,因为组成权限cookie只需要密码信息。
CVSS Information
N/A
Vulnerability Type
N/A