PT-2004-2956 · Xlinesoft · Asprunner

Ferruh Mavituna · Published 2004-12-31 · Updated 2017-07-11 · CVE-2004-2060

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions
ASPRunner version 2.4

Description
The issue allows remote attackers to obtain the database by making a direct request to the database filename. The filename is predictable because it is based on table and field names, such as tablename and fieldname.

Recommendations
For ASPRunner version 2.4, consider moving the database outside of the web root directory to prevent direct access. As a temporary workaround, restrict access to the db directory to minimize the risk of exploitation.


Related identifiers
CVE-2004-2060

Affected products
Asprunner