PT-2009-1622 · Forumapp · Forumapp
Cyber.Zer0
·
Published
2009-02-16
·
Updated
2017-09-29
·
CVE-2008-6147
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ForumApp version 3.3
Description
The issue allows remote attackers to download a database due to insufficient access control of sensitive information stored under the web root. This can be achieved via a direct request for specific database files, such as
data/8690.mdb or data/8690BAK.mdb.Recommendations
For ForumApp version 3.3, restrict access to the
data/8690.mdb and data/8690BAK.mdb files to prevent unauthorized downloads. Consider implementing proper access controls for sensitive information stored under the web root.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Forumapp