CVE-2003-1213

Name of the Vulnerable Software and Affected Versions MaxWebPortal version 1.30

Description The default installation of MaxWebPortal stores the portal database under the web document root with insecure access control. This allows remote attackers to obtain sensitive information via a direct request to the database file.

Recommendations For MaxWebPortal version 1.30, consider relocating the database outside of the web document root or implementing proper access controls to restrict unauthorized access to the database file database/db2000.mdb.