X0R0N

**Name of the Vulnerable Software and Affected Versions** Keyifweb Keyif Portal version 2.0 **Description** The issue allows remote attackers to download a database due to insufficient access control. Sensitive information is stored under the web root, making it accessible via direct requests for certain files, including `ANKET/anket.mdb`, `HABER/keyifweb.mdb`, `ASP/download.mdb`, or `SAYAC/aktif.mdb` in the `database/A9S7G6ASD790` directory. **Recommendations** For Keyifweb Keyif Portal version 2.0, consider restricting access to the `database/A9S7G6ASD790` directory to prevent unauthorized downloads of sensitive information. As a temporary workaround, limit direct requests to the files `ANKET/anket.mdb`, `HABER/keyifweb.mdb`, `ASP/download.mdb`, and `SAYAC/aktif.mdb` until proper access controls are implemented.