TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.03447
Percentile: 0.8702

CVSS Scoring

Affected Products

• cpe:2.3:a:tightauction:tightauction:3.0:*:*:*:*:*:*:*

← Back to Home