Archilles Newsworld prior to 1.5.0-rc1 stores (1) account.nwd and (2) session.nwd under the web root with insufficient access control, which allows remote malicious users to obtain sensitive information such as usernames, hashed passwords, and session IDs, and gain privileges.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
archilles newsworld |
||
archilles newsworld 1.3.1 |
||
archilles newsworld 1.3.2 |