RSS   Vulnerabilities for 'Login session'   RSS

2009-01-06
 
CVE-2008-5855

CWE-264
 

 
myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover usernames, e-mail addresses, and password hashes via a direct request for users.txt.

 
 
CVE-2008-5854

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in login.php in myPHPscripts Login Session 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ls_user and (2) ls_email parameters (aka the User form) in an ls_register action. NOTE: some of these details are obtained from third party information.

 


Copyright 2024, cxsecurity.com

 

Back to Top