Description
PlanetMoon Guestbook tr3.a stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin script password, and other passwords, via a direct request to files/passwd.txt.
Exploits (1)
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11609
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1006360
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3653
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/7167
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/315895/30/25400/threaded
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/8392
Scores
EPSS
0.0577
EPSS Percentile
90.5%
Details
CWE
CWE-264
Status
published
Products (1)
planetmoon/guestbook
tr3.a.1
Published
Dec 31, 2003
Tracked Since
Feb 18, 2026