PT-2006-4362 · Virtuastore · Virtuastore
Published
2006-07-10
·
Updated
2008-09-05
·
CVE-2006-3487
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
VirtuaStore version 2.0
Description
The issue allows remote attackers to obtain local database information due to insufficient access control of sensitive files stored under the web root. This can be achieved by directly accessing the database file
database/virtuastore.mdb.Recommendations
For VirtuaStore version 2.0, consider restricting access to the
database/virtuastore.mdb file to prevent unauthorized access until a proper fix is applied. Additionally, review and implement proper access controls for sensitive files stored under the web root.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Virtuastore