A vulnerability was found in Phplibre registroTL 0.1b/0.5b and classified as critical. Affected by this issue is an unknown function of the file usuarios.dat. The manipulation with an unknown input leads to a information disclosure vulnerability. Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Impacted is confidentiality. CVE summarizes:

registroTL stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for /usuarios.dat.

The weakness was shared 10/17/2006 as not defined posting (Bugtraq). The advisory is available at securityfocus.com. This vulnerability is handled as CVE-2006-5316 since 10/17/2006. The exploitation is known to be easy. The attack may be launched remotely. No form of authentication is required for exploitation. Technical details as well as a public exploit are known. This vulnerability is assigned to T1592 by the MITRE ATT&CK project.

The exploit is available at exploit-db.com. It is declared as proof-of-concept.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at Exploit-DB (2502). The entries 32776, 32775, 32773 and 32772 are related to this item.

Productinfo

Vendor

• Phplibre

Name

• registroTL

Version

• 0.1b
• 0.5b

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion