Sensitive Information Disclosure and Password Cracking Vulnerability in Simple PHP Blog (sphpBlog) 0.4.0

Sensitive Information Disclosure and Password Cracking Vulnerability in Simple PHP Blog (sphpBlog) 0.4.0

CVE-2005-1136 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) config.txt files under the web document root, which allows remote attackers to obtain sensitive information and crack passwords via a direct request to these files.

Learn more about our Web App Pen Testing.