CVE-2006-0370

Published Jan 22, 2006

Last updated 9 months ago

Overview

Description: Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:noah_medling:rcblog:1.03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0687948-6158-471D-B5F2-F635804288DB"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References