Intrusion Prevention

PHP.password.txt.File.Download

Description

This threat attempts to download the password configuration file stored in an accessible directory by Simple PHP Blog, allowing an attacker to gain adminstrative access to the blogging application. This threat affects a web application, which typically listens on port 80.

Affected Products

Simple PHP Blog 0.4.0

Impact

System compromise.

Recommended Actions

As a workaround, ensure the config directory is moved out of the Web root directory.

CVE References

CVE-2005-2192