CVE-2005-4013 Information

Description

PHP Web Statistik 1.4 stores the stat.cfg file under the web root with insufficient access control which allows remote attackers to obtain sensitive information such as statistics and the log directory location possibly including the logdb.dta file.

Reference

http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00325.html http://freewebstat.com/changelog-english.html http://secunia.com/advisories/17789 http://www.osvdb.org/21209 http://www.osvdb.org/21210 http://www.ush.it/2005/11/19/php-web-statistik/ http://www.vupen.com/english/advisories/2005/2645 https://exchange.xforce.ibmcloud.com/vulnerabilities/23382