CVE-2012-5901 Information

Description

DFLabs PTK 1.0.5 stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read logs, images, or reports via a direct request to the file in the (1) log, (2) images, or (3) report directory.

Reference

http://osvdb.org/80773
http://packetstormsecurity.org/files/111360/PTK-1.0.5-Cross-Site-Scripting-Unrestricted-Access.html
http://secunia.com/advisories/48585
http://www.securityfocus.com/bid/52817
https://exchange.xforce.ibmcloud.com/vulnerabilities/74491
