Vulnerabilities > CVE-2005-2956 - Remote Information Disclosure vulnerability in Adaptive Technology Resource Centre Atutor 1.5.1

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
adaptive-technology-resource-centre
exploit available

Summary

ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files.

Vulnerable Configurations

Part Description Count
Application
Adaptive_Technology_Resource_Centre
1

Exploit-Db

descriptionATutor 1.5.1 Chat Logs Remote Information Disclosure Vulnerability. CVE-2005-2956. Webapps exploit for php platform
idEDB-ID:26258
last seen2016-02-03
modified2005-09-14
published2005-09-14
reporterrgod
sourcehttps://www.exploit-db.com/download/26258/
titleATutor 1.5.1 Chat Logs Remote Information Disclosure Vulnerability