CVE-2006-6866 Information

Description

STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control which allows remote attackers to obtain usernames email addresses and password hashes via a direct request for data/users.txt.

Reference

http://secunia.com/advisories/23577 http://securitytracker.com/id?1017457 http://www.vupen.com/english/advisories/2007/0011 https://exchange.xforce.ibmcloud.com/vulnerabilities/31171 https://www.exploit-db.com/exploits/3039