PT-2007-6131 · Dblog · Blogcms
Janek Vind
+1
·
Publicado
2007-09-21
·
Atualizado
2018-10-15
·
CVE-2007-5026
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
dBlog CMS version 2.0
Description
The issue allows remote attackers to download a database containing an admin password hash via a direct request for
dblog.mdb, due to insufficient access control of sensitive information stored under the web root.Recommendations
For dBlog CMS version 2.0, consider restricting access to the
dblog.mdb file to prevent unauthorized downloads, and review the access control settings for sensitive information stored under the web root.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Blogcms