CVE-2007-0518

Publication date

2007-01-26 01:00:00

Family

mitre

State

PUBLISHED

Description

Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain encoded passwords via a direct request for pwd.txt.