PT-2003-2161 · Maxwebportal · Maxwebportal

Published

2003-12-31

Updated

2017-07-11

CVE-2003-1213

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions MaxWebPortal version 1.30

Description The default installation of MaxWebPortal stores the portal database under the web document root with insecure access control. This allows remote attackers to obtain sensitive information via a direct request to the database file.

Recommendations For MaxWebPortal version 1.30, consider relocating the database outside of the web document root or implementing proper access controls to restrict unauthorized access to the database file database/db2000.mdb.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2003-1213

Affected Products

Maxwebportal

PT-2003-2161 · Maxwebportal · Maxwebportal

CVE-2003-1213

Related Identifiers

Affected Products

References · 6