CVE-2007-5777

Name of the Vulnerable Software and Affected Versions Blue-Collar Productions i-Gallery version 3.4

Description The issue allows remote attackers to download a file containing a base64-encoded password via a direct request for "igallery.mdb". This is due to insufficient access control, as sensitive information is stored under the web root.

Recommendations For version 3.4, consider restricting access to the "igallery.mdb" file to prevent unauthorized downloads, and review the access control settings for sensitive information stored under the web root.