CVE-2006-3965 - Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web document root with insufficient ac

CVE-2006-3965

Summary

Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as database usernames and passwords.

References

http://marc.info/?l=full-disclosure&m=115423462216111&w=2

Vulnerable Configurations

cpe:2.3:a:banex:banex:2.21:*:*:*:*:*:*:*
cpe:2.3:a:banex:banex:2.21:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 18-10-2016 - 03:40)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

fulldisc

20060730 Banex Multiple Vulnerabilities

Last major update

18-10-2016 - 03:40

Published

01-08-2006 - 22:04

Last modified

18-10-2016 - 03:40