Vulnerabilities > CVE-2006-3370 - Information Disclosure vulnerability in Bb-News Blueboy 1.0.3

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

bb-news

NVD

Published: 2006-07-06

Updated: 2018-10-18

Summary

Blueboy 1.0.3 stores bb_news_config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration.

Vulnerable Configurations

Part	Description	Count
Application	Bb-News BB News Blueboy 1.0.3	1

References

http://securityreason.com/securityalert/1192
http://www.securityfocus.com/archive/1/438964/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/27576