PHP Advanced Transfer Manager 1.00 up to and including 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote malicious users to download each password hash via a direct request for a users/[USERNAME] file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bugada andrea php advanced transfer manager 1.00 |
||
bugada andrea php advanced transfer manager 1.22 |
||
bugada andrea php advanced transfer manager 1.21 |
||
bugada andrea php advanced transfer manager 1.03 |
||
bugada andrea php advanced transfer manager 1.20 |
||
bugada andrea php advanced transfer manager 1.02 |
||
bugada andrea php advanced transfer manager 1.01 |
||
bugada andrea php advanced transfer manager 1.30 |