CVE-2007-0094

Name of the Vulnerable Software and Affected Versions Sven Moderow GuestBook version 0.3a

Description The issue allows remote attackers to download a database containing passwords due to insufficient access control. This can be achieved by making a direct request for certain database files, such as gbook97.mdb or gbook.mdb, located in the ~db/ directory.

Recommendations For Sven Moderow GuestBook version 0.3a, consider restricting access to the ~db/ directory and the database files gbook97.mdb and gbook.mdb to prevent unauthorized downloads. As a temporary workaround, restrict access to these files until a proper fix is applied.