CVE-2008-6147

Name of the Vulnerable Software and Affected Versions ForumApp version 3.3

Description The issue allows remote attackers to download a database due to insufficient access control of sensitive information stored under the web root. This can be achieved via a direct request for specific database files, such as data/8690.mdb or data/8690BAK.mdb.

Recommendations For ForumApp version 3.3, restrict access to the data/8690.mdb and data/8690BAK.mdb files to prevent unauthorized downloads. Consider implementing proper access controls for sensitive information stored under the web root.