PT-2007-3442 · Fac · Fac Guestbook

Published

2007-04-18

Updated

2018-10-16

CVE-2007-2100

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions FAC Guestbook version 2.0

Description The issue allows remote attackers to download a database due to insufficient access control. Sensitive information is stored under the web root, enabling attackers to access the database via a direct request for db/Gdb.mdb.

Recommendations For FAC Guestbook version 2.0, consider restricting access to the db directory to prevent unauthorized downloads of the database file Gdb.mdb until a proper fix is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-2100

Affected Products

Fac Guestbook

PT-2007-3442 · Fac · Fac Guestbook

CVE-2007-2100

Related Identifiers

Affected Products

References · 6