CVE-2005-4013 - PHP Web Statistik 1.4 stores the stat.cfg file under the web root with insufficient access control,

CVE-2005-4013

Summary

PHP Web Statistik 1.4 stores the stat.cfg file under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as statistics and the log directory location, possibly including the logdb.dta file.

References

Vulnerable Configurations

cpe:2.3:a:php_web:statistik:1.4:*:*:*:*:*:*:*
cpe:2.3:a:php_web:statistik:1.4:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 20-07-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bugtraq	20051128 Php Web Statistik Multiple Vulnerabilities
misc	http://freewebstat.com/changelog-english.html http://www.ush.it/2005/11/19/php-web-statistik/
osvdb	21209 21210
secunia	17789
vupen	ADV-2005-2645
xf	phpwebstatistik-stat-logdb-obtain-info(23382)

Last major update

20-07-2017 - 01:29

Published

05-12-2005 - 11:03

Last modified

20-07-2017 - 01:29