Vulnerabilities > CVE-2005-2029 - Remote Security vulnerability in Amarok web Frontend 1.3

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

amarok

NVD

Published: 2005-06-17

Updated: 2008-09-05

Summary

amaroK Web Frontend 1.3 stores the globals.inc file under the web root without a .php extension and insufficient access control, which allows remote attackers to obtain the database username and password via a direct request to the file.

Vulnerable Configurations

Part	Description	Count
Application	Amarok Amarok WEB Frontend 1.3	1

References

http://secunia.com/advisories/15736
http://sourceforge.net/project/shownotes.php?release_id=335719