Vulnerabilities > CVE-2005-4013 - Information Disclosure vulnerability in PHP web Statistik 1.4

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

php-web

NVD

Published: 2005-12-05

Updated: 2017-07-20

Summary

PHP Web Statistik 1.4 stores the stat.cfg file under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as statistics and the log directory location, possibly including the logdb.dta file.

Vulnerable Configurations

Part	Description	Count
Application	Php_Web PHP WEB Statistik 1.4	1

References

http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00325.html
http://freewebstat.com/changelog-english.html
http://secunia.com/advisories/17789
http://www.osvdb.org/21209
http://www.osvdb.org/21210
http://www.ush.it/2005/11/19/php-web-statistik/
http://www.vupen.com/english/advisories/2005/2645
https://exchange.xforce.ibmcloud.com/vulnerabilities/23382