PT-2007-1253 · Headstart Solutions · Deskpro

Published: 2007-02-07 · Updated: 2008-09-05 · CVE-2006-6974

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Headstart Solutions DeskPRO (affected versions not specified)

Description

The issue allows remote attackers to access sensitive information due to insufficient access control. This enables attackers to list files in the includes/ directory, obtain SQL credentials via direct requests for config.php and config.php.bak in includes/, and read files in various directories such as email/, admin/graphs/, includes/javascript/, and other includes/ directories. Attackers can also download SQL database data by directly requesting files like data.sql, install.sql, settings.sql, and possibly other files in install/v2data/.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
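With no fixed version listed, an operator can check the web server access log for direct requests to the files named in the description and see whether the server actually served them. The following is an added example, not part of the original advisory or of DeskPRO; the `/deskpro` install prefix, the common log format, and the sample log lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Path rules derived from the advisory text; the install prefix can be anything.
RULES = [
    ("sql-credentials", re.compile(r"/includes/config\.php(\.bak)?$", re.I)),
    ("database-dump", re.compile(r"/install/(v2data/.*|.*\.sql)$", re.I)),
    ("directory-listing", re.compile(r"/includes/$", re.I)),
]

# Common log format (assumed): ip ident user [time] "METHOD target proto" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

def normalize(target):
    """Drop the query string, percent-decode, and collapse '//' and '..' segments."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    path = re.sub(r"/+", "/", path)
    trailing = path.endswith("/")
    path = posixpath.normpath(path)
    return path + "/" if trailing and path != "/" else path

def scan(lines):
    """Return (ip, category, path, exposed); exposed is True when the reply was 2xx."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = normalize(m["target"])
        for category, rule in RULES:
            if rule.search(path):
                findings.append((m["ip"], category, path, m["status"].startswith("2")))
                break
    return findings

# Constructed sample log lines (documentation IP ranges, hypothetical /deskpro prefix).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Feb/2007:10:00:01 +0000] "GET /deskpro/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [07/Feb/2007:10:00:05 +0000] "GET /deskpro/includes/ HTTP/1.1" 200 2310',
    '198.51.100.7 - - [07/Feb/2007:10:00:06 +0000] "GET /deskpro/includes/config.php.bak HTTP/1.1" 200 742',
    '198.51.100.7 - - [07/Feb/2007:10:00:09 +0000] "GET /deskpro//install/v2data/%64ata.sql HTTP/1.1" 200 88213',
    '203.0.113.44 - - [07/Feb/2007:10:02:00 +0000] "GET /deskpro/includes/config.php HTTP/1.1" 403 199',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with `exposed` set to `True` means the server returned the file or listing; a `False` entry shows the request was made but refused, which is the outcome a deny rule on these directories should produce.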

Exploit


Related identifiers

CVE-2006-6974

Affected products

Deskpro