CVE-2008-5901

Name of the Vulnerable Software and Affected Versions iyzi Forum version 1.0 beta 3

Description The issue allows remote attackers to download a database file containing a password via a direct request for "db/iyziforum.mdb" due to insufficient access control. This is because sensitive information is stored under the web root.

Recommendations For iyzi Forum version 1.0 beta 3, consider restricting access to the "db/iyziforum.mdb" file to prevent unauthorized downloads until a proper fix is applied. Additionally, review and improve access controls for sensitive information stored under the web root.