CVE-2007-3146

Name of the Vulnerable Software and Affected Versions: Zen Help Desk version 2.1

Description: The issue allows remote attackers to download a database containing a password via a direct request for ZenHelpDesk.mdb due to insufficient access control. This is because sensitive information is stored under the web root.

Recommendations: For Zen Help Desk version 2.1, consider restricting access to the ZenHelpDesk.mdb file to minimize the risk of exploitation. As a temporary workaround, limit direct requests to this file until a more permanent solution is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.