Vulnerabilities > CVE-2003-1401 - Credentials Management vulnerability in PHP Board PHP Board 1.0

CVSS 5.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

php-board

CWE-255

exploit available

NVD

Published: 2003-12-31

Updated: 2017-07-29

Summary

login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request.

Vulnerable Configurations

Part	Description	Count
Application	Php_Board PHP Board PHP Board 1.0	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Exploit-Db

description	PHP-Board 1.0 User Password Disclosure Vulnerability. CVE-2003-1401. Webapps exploit for php platform
id	EDB-ID:22252
last seen	2016-02-02
modified	2003-02-15
published	2003-02-15
reporter	frog
source	https://www.exploit-db.com/download/22252/
title	PHP-Board 1.0 User Password Disclosure Vulnerability

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

References