Back to search
CVE-2005-2314
Published: Jul 19, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote attackers to obtain the administrator's username and password by setting the do_login parameter and performing an edit action using user.php, which causes the login check to be bypassed and leaks the password in the response.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20050713 PHPsFTPd - Admin password leak
mailing-list
x_refsource_BUGTRAQ
ADV-2005-1101
vdb-entry
x_refsource_VUPEN
14222
vdb-entry
x_refsource_BID
http://packetstorm.linuxsecurity.com/0507-exploits/phpsftpd.txt
x_refsource_MISC
15879
third-party-advisory
x_refsource_SECUNIA
1014481
vdb-entry
x_refsource_SECTRACK
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now