Vulnerabilities for 'Gekko'

2007-12-14
 
CVE-2007-6361

CWE-264
 

 
Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.

 


Copyright 2024, cxsecurity.com

 
