2006-01-19 01:00:00
mitre
PUBLISHED
PDFdirectory before 1.0 stores sensitive data in plaintext, which allows remote attackers to obtain arbitrary users passwords by direct queries to the database, possibly via one of the SQL injection vulnerabilities.