Vulnerabilities > CVE-2005-2956 - Remote Information Disclosure vulnerability in Adaptive Technology Resource Centre Atutor 1.5.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | ATutor 1.5.1 Chat Logs Remote Information Disclosure Vulnerability. CVE-2005-2956. Webapps exploit for php platform |
id | EDB-ID:26258 |
last seen | 2016-02-03 |
modified | 2005-09-14 |
published | 2005-09-14 |
reporter | rgod |
source | https://www.exploit-db.com/download/26258/ |
title | ATutor 1.5.1 Chat Logs Remote Information Disclosure Vulnerability |