PT-2009-1855 · Asp · Aspportal
Cwh Underground
·
Published
2009-03-02
·
Updated
2017-09-29
·
CVE-2008-6382
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
ASP Portal version 3.2.5
Description:
The issue allows remote attackers to download the database file via a direct request to 'ASPPortal.mdb' due to insufficient access control. This is because sensitive information is stored under the web root.
Recommendations:
For ASP Portal version 3.2.5, consider restricting access to the
ASPPortal.mdb file to minimize the risk of exploitation. Additionally, review and implement proper access controls for sensitive information stored under the web root.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aspportal