CVE-2009-5068

HIGH Year: 2009
CVSS v3 Score
7.2
High
CVSS v2 Score
3.5
Low
Weakness Type
CWE-312
View all →

Vulnerability Description

There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords.

Related Vulnerabilities

CVE-2018-10871

HIGH
CVSS:7.2(High)

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores ...

CWE-3122018

CVE-2018-19981

HIGH
CVSS:7.2(High)

Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to ...

CWE-3122018

CVE-2019-3753

HIGH
CVSS:7.2(High)

Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K running firmware versions prior to 5.1.15.2 contain a plain-text password storage vulnerability. TACACS\Radius credentials are stored ...

CWE-3122019

CVE-2019-6549

HIGH
CVSS:7.2(High)

An attacker could retrieve plain-text credentials stored in a XML file on PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) through FTP.

CWE-3122019

CVE-2020-29001

HIGH
CVSS:7.2(High)

An issue was discovered on Geeni GNC-CW028 Camera 2.7.2, Geeni GNC-CW025 Doorbell 2.9.5, Merkury MI-CW024 Doorbell 2.9.6, and Merkury MI-CW017 Camera 2.9.6 devices. A vulnerability exists in the RESTf...

CWE-3122020

CVE-2023-50957

HIGH
CVSS:7.2(High)

IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783.

CWE-3122023