CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-0352

The default configuration of Fluffington FLog 1.01 installs users.0.dat under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (login credentials) via a direct request. NOTE: It was later reported that 1.1.2 is also affected.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.5%

CVSS Severity

CVSS v2 Score 5.0

References

http://evuln.com/vulns/38/summary/bt/
http://www.securityfocus.com/archive/1/422268/100/0/threaded
http://www.securityfocus.com/archive/1/456069/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/24193
https://exchange.xforce.ibmcloud.com/vulnerabilities/31307
http://evuln.com/vulns/38/summary/bt/
http://www.securityfocus.com/archive/1/422268/100/0/threaded
http://www.securityfocus.com/archive/1/456069/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/24193
https://exchange.xforce.ibmcloud.com/vulnerabilities/31307

Products affected by CVE-2006-0352

Fluffington » Flog » Version: 1.01

cpe:2.3:a:fluffington:flog:1.01
Fluffington » Flog » Version: 1.1.2

cpe:2.3:a:fluffington:flog:1.1.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-0352

Products

Pricing

Contact Us