Vulnerabilities > Mariovaldez > Simple Text File Login Script > 1.0.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-12-30 | CVE-2008-5763 | Code Injection vulnerability in Mariovaldez Simple Text-File Login Script 1.0.6 PHP remote file inclusion vulnerability in slogin_lib.inc.php in Simple Text-File Login Script (SiTeFiLo) 1.0.6 allows remote attackers to execute arbitrary PHP code via a URL in the slogin_path parameter. | 7.5 |
2008-12-30 | CVE-2008-5762 | Permissions, Privileges, and Access Controls vulnerability in Mariovaldez Simple Text-File Login Script 1.0.6 Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for slog_users.txt. | 5.0 |