Cyber.Zer0

#22291 of 53,625
Total CVSS: 10
Vulnerabilities · 2
Medium: 2
PT-2009-1622
5.0
2009-02-16
Forumapp · Forumapp · CVE-2008-6147
**Name of the Vulnerable Software and Affected Versions**

ForumApp version 3.3

**Description**

The issue allows remote attackers to download a database due to insufficient access control of sensitive information stored under the web root. This can be achieved via a direct request for specific database files, such as `data/8690.mdb` or `data/8690BAK.mdb`.

**Recommendations**

For ForumApp version 3.3, restrict access to the `data/8690.mdb` and `data/8690BAK.mdb` files to prevent unauthorized downloads. Consider implementing proper access controls for sensitive information stored under the web root.

PT-2008-6823
5.0
2008-12-30
Nukeedit · Nukedit · CVE-2008-5773
**Name of the Vulnerable Software and Affected Versions**

Nukedit version 4.9.8

**Description**

The issue allows remote attackers to download a database file containing usernames and passwords due to insufficient access control. This is possible via a direct request for the database file.

**Recommendations**

For Nukedit version 4.9.8, consider restricting access to the database file to minimize the risk of exploitation. As a temporary workaround, limit direct requests to the `database/dbsite.mdb` file until a more secure configuration or update is available.