CVE-2007-3061

Name of the Vulnerable Software and Affected Versions: Cactushop versions 6 and earlier

Description: The issue allows remote attackers to download a database via a direct request for files such as cactushop6.mdb or cactushop5.mdb due to insufficient access control. This is because sensitive information is stored under the web root.

Recommendations: For Cactushop versions 6 and earlier, restrict access to the database files cactushop6.mdb and cactushop5.mdb to prevent unauthorized downloads. Consider implementing proper access controls for sensitive information stored under the web root.