CVE-2006-3780

Name of the Vulnerable Software and Affected Versions Keyifweb Keyif Portal version 2.0

Description The issue allows remote attackers to download a database due to insufficient access control. Sensitive information is stored under the web root, making it accessible via direct requests for certain files, including ANKET/anket.mdb, HABER/keyifweb.mdb, ASP/download.mdb, or SAYAC/aktif.mdb in the database/A9S7G6ASD790 directory.

Recommendations For Keyifweb Keyif Portal version 2.0, consider restricting access to the database/A9S7G6ASD790 directory to prevent unauthorized downloads of sensitive information. As a temporary workaround, limit direct requests to the files ANKET/anket.mdb, HABER/keyifweb.mdb, ASP/download.mdb, and SAYAC/aktif.mdb until proper access controls are implemented.