Vulnerabilities > CVE-2002-1886 - Information Disclosure vulnerability in Tightauction 3.0

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

tightauction

exploit available

NVD

Published: 2002-12-31

Updated: 2008-09-05

Summary

TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password.

Vulnerable Configurations

Part	Description	Count
Application	Tightauction Tightauction Tightauction 3.0	1

Exploit-Db

description	TightAuction 3.0 Config.INC Information Disclosure Vulnerability. CVE-2002-1886. Webapps exploit for php platform
id	EDB-ID:21893
last seen	2016-02-02
modified	2002-10-02
published	2002-10-02
reporter	frog
source	https://www.exploit-db.com/download/21893/
title	TightAuction 3.0 Config.INC Information Disclosure Vulnerability

References

http://archives.neohapsis.com/archives/bugtraq/2002-10/0016.html
http://www.iss.net/security_center/static/10310.php
http://www.securityfocus.com/bid/5850