Dayfox Blog slog_users.txt User Credential Disclosure
Remote / Network Access
Loss of Confidentiality
Dayfox Blog contains a flaw that may lead to unauthorized password exposure. Plaintext passwords can be obtained by directly requesting the 'edit/slog_users.txt' file, which may lead to a loss of confidentiality.
Upgrade to version DFBLOG3 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw with the following workaround: apply the .htaccess file available from the vendor.
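To check whether the file has already been served to a client, the following added example (not part of the original advisory and not vendor code) scans web server access logs for direct requests to 'edit/slog_users.txt' that returned content. It assumes Common/Combined Log Format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Path named in the advisory; compared case-insensitively after URL-decoding.
TARGET = "/edit/slog_users.txt"

# Assumed format: host ident user [time] "METHOD uri PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def normalise(uri):
    """Drop the query string, URL-decode, resolve '.'/'..' segments, lowercase."""
    path = unquote(urlsplit(uri).path).replace("\\", "/")
    parts = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if parts:
                parts.pop()
            continue
        parts.append(seg)
    return "/" + "/".join(parts).lower()

def find_exposures(lines):
    """Return (host, time, uri, status) for requests that were served the file."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        status = int(m["status"])
        # 200/206: content delivered; 304: the client already holds a copy.
        if normalise(m["uri"]).endswith(TARGET) and status in (200, 206, 304):
            hits.append((m["host"], m["time"], m["uri"], status))
    return hits

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2024:10:01:22 +0000] "GET /blog/edit/slog_users.txt HTTP/1.1" 200 148',
    '203.0.113.7 - - [12/Mar/2024:10:01:25 +0000] "GET /blog/edit/slog%5Fusers.txt?x=1 HTTP/1.1" 200 148',
    '198.51.100.4 - - [12/Mar/2024:11:40:02 +0000] "GET /blog/edit/slog_users.txt HTTP/1.1" 403 199',
    '198.51.100.9 - - [12/Mar/2024:11:41:10 +0000] "GET /blog/index.php HTTP/1.1" 200 5120',
    '192.0.2.15 - - [13/Mar/2024:02:15:48 +0000] "GET /blog/EDIT/./Slog_Users.TXT HTTP/1.0" 206 64',
]
```

Any hit means the stored passwords should be treated as disclosed; a 403 for the same path, as in the third sample line, is what a request blocked by the workaround would look like.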