PT-2008-6657 · Ikon · Ikon Admanager

Ghost Hacker

Published

2008-12-16

Updated

2017-09-29

CVE-2008-5596

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Ikon AdManager versions 2.1 and earlier

Description The issue allows remote attackers to download the database file due to insufficient access control. This is possible because sensitive information is stored under the web root. The database file can be accessed via a direct request for ikonBAnner AdManager.mdb.

Recommendations For Ikon AdManager versions 2.1 and earlier, restrict access to the ikonBAnner AdManager.mdb file to prevent unauthorized downloads. Consider moving sensitive information outside of the web root or implementing proper access controls to mitigate the risk.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2008-5596

Affected Products

Ikon Admanager

PT-2008-6657 · Ikon · Ikon Admanager

CVE-2008-5596

Weakness Enumeration

Related Identifiers

Affected Products

References · 4