CVE-2007-1300

Name of the Vulnerable Software and Affected Versions DOURAN Software Technologies ISPUtil version 3.32.84.1 and possibly earlier versions

Description The issue allows remote attackers to obtain user and reseller data due to insufficient access control of sensitive information stored under the web root. This can be achieved via a direct request for the scripts/activesessions.ini file.

Recommendations For version 3.32.84.1 and possibly earlier versions, restrict access to the scripts/activesessions.ini file to minimize the risk of exploitation. Consider implementing proper access controls for sensitive information stored under the web root. At the moment, there is no information about a newer version that contains a fix for this vulnerability.