PT-2006-7058 · Unknown · Vt-Forum Lite

Published

2006-12-10

Updated

2017-07-29

CVE-2006-6449

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Vt-Forum Lite versions 1.3 and earlier

Description The issue allows remote attackers to download a database due to insufficient access control. Sensitive information is stored under the web root, enabling attackers to access the database via a direct request for "db/forum.mdb".

Recommendations For versions 1.3 and earlier, consider restricting access to the database file "forum.mdb" to minimize the risk of exploitation. As a temporary workaround, limit direct requests to the "db/forum.mdb" file until a proper fix is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-6449

Affected Products

Vt-Forum Lite

PT-2006-7058 · Unknown · Vt-Forum Lite

CVE-2006-6449

Related Identifiers

Affected Products

References · 3