DeluxeBB 1.3 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to obtain user and configuration information and log data, and to gain administrative access, via a direct request to scripts in (1) templates/ including (2) templates/deluxe/admincp/, (3) templates/corporate/admincp/, and (4) templates/blue/admincp/; (5) images/; (6) logs/ including (7) logs/cp.php; (8) wysiwyg/; (9) docs/; (10) classes/; (11) lang/; and (12) settings/.
Vulnerable Product |
---|
deluxebb deluxebb 1.3 |