Unrated severityNVD Advisory· Published Jan 21, 2006· Updated Apr 16, 2026

CVE-2006-0352

Description

The default configuration of Fluffington FLog 1.01 installs users.0.dat under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (login credentials) via a direct request. NOTE: It was later reported that 1.1.2 is also affected.

Affected products

Fluffington/Flog2 versions
cpe:2.3:a:fluffington:flog:1.01:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:fluffington:flog:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:fluffington:flog:1.1.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

evuln.com/vulns/38/summary/bt/nvd
www.securityfocus.com/archive/1/422268/100/0/threadednvd
www.securityfocus.com/archive/1/456069/100/0/threadednvd
exchange.xforce.ibmcloud.com/vulnerabilities/24193nvd
exchange.xforce.ibmcloud.com/vulnerabilities/31307nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000