CVE-2006-6866
Summary
STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a direct request for data/users.txt.
- LOW
- NETWORK
- NONE
- NONE
- COMPLETE
- NONE
References
Advisory Timeline
- Published