PT-2007-1634 · Ememberspro · Ememberspro

Published: 2007-01-09 · Updated: 2018-10-16 · CVE-2007-0149

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

EMembersPro version 1.0

Description

The issue allows remote attackers to download a database containing passwords due to insufficient access control. This is possible because sensitive information is stored under the web root, enabling attackers to access it via a direct request.

Recommendations

For EMembersPro version 1.0, consider restricting access to sensitive files, such as the users.mdb database, to prevent unauthorized downloads until a proper fix is available. As a temporary workaround, moving sensitive information outside of the web root can help minimize the risk of exploitation.
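
One way to verify the workaround on a server you administer, as an added example that is not part of the original advisory or the vendor's code: the script walks a web root and reports file-based databases still stored beneath it. The extension list, the directory names (`wwwroot`, `private`, `placeholder_dir`) and the sample tree are assumptions constructed for the demonstration; only the file name users.mdb comes from the advisory.

```python
import os
import tempfile

# Extensions treated as data stores. Assumption for this example: .mdb is the
# type named in the advisory, the rest are other common file-based databases.
DATA_STORE_EXTENSIONS = {".mdb", ".accdb", ".sqlite", ".sqlite3", ".db"}


def find_exposed_data_files(web_root, extensions=DATA_STORE_EXTENSIONS):
    """Return sorted web-relative paths of data files stored under web_root."""
    findings = []
    root = os.path.realpath(web_root)
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            # Compare case-insensitively so USERS.MDB is not missed.
            if os.path.splitext(name)[1].lower() in extensions:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append("/" + rel.replace(os.sep, "/"))
    return sorted(findings)


def build_sample_tree(base):
    """Constructed layout: 'before' keeps the database inside the web root,
    'after' has it moved to a sibling directory outside the web root."""
    before = os.path.join(base, "before", "wwwroot")
    after = os.path.join(base, "after", "wwwroot")
    private = os.path.join(base, "after", "private")
    for d in (os.path.join(before, "placeholder_dir"), after, private):
        os.makedirs(d)
    for path in (
        os.path.join(before, "index.html"),
        os.path.join(before, "placeholder_dir", "users.mdb"),
        os.path.join(after, "index.html"),
        os.path.join(private, "users.mdb"),
    ):
        with open(path, "wb") as fh:
            fh.write(b"constructed sample\n")
    return before, after


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        before, after = build_sample_tree(base)
        print("before workaround:", find_exposed_data_files(before))
        print("after workaround: ", find_exposed_data_files(after))
```

An empty result only shows that no matching file sits under the web root; access restrictions on files that must stay there still need to be checked in the web server configuration.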


Related Identifiers

CVE-2007-0149

Affected Products

Ememberspro