Sensitive Information Disclosure in Shoutbox SCRIPT 3.0.2 and Earlier

Sensitive Information Disclosure in Shoutbox SCRIPT 3.0.2 and Earlier

CVE-2005-1220 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain sensitive information via a direct request to db/settings.dat, which displays usernames and password hashes.

Learn more about our User Device Pen Test.