|Date: (C)2007-09-24 (M)2017-10-04|| |
Adam Scheinberg Flip 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing login credentials via a direct request for var/users.txt.
|CVSS Score: 5.0||Access Vector: NETWORK|
|Exploit Score: 10.0||Access Complexity: LOW|
|Impact Score: 2.9||Authentication: NONE|
| ||Confidentiality: PARTIAL|
| ||Integrity: NONE|
| ||Availability: NONE|