PT-2005-1740 · Aztek · Aztek Forum
Published
2005-03-07
·
Updated
2008-09-05
·
CVE-2005-0700
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Aztek Forum version 4.0
Description
The issue allows remote attackers to obtain database files. This is possibly achieved by setting the
ATK ADMIN cookie in the export index action in myadmin.php.Recommendations
For Aztek Forum version 4.0, consider restricting access to the
myadmin.php file and the export index action to prevent unauthorized database file access. As a temporary workaround, avoid using the export index action until a patch is available.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Aztek Forum