CVE-2006-6866

high

Description

STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a direct request for data/users.txt.

References

https://www.exploit-db.com/exploits/3039

https://exchange.xforce.ibmcloud.com/vulnerabilities/31171

http://www.vupen.com/english/advisories/2007/0011

http://securitytracker.com/id?1017457

http://secunia.com/advisories/23577

Details

Source: Mitre, NVD

Published: 2006-12-31

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.02323