CVE-2008-6872

Name of the Vulnerable Software and Affected Versions: ASPThai.NET ASPThai Forums version 8.5

Description: The issue allows remote attackers to download a database due to insufficient access control. Sensitive information is stored under the web root, enabling attackers to access the database via a direct request for database/aspthaiForum.mdb.

Recommendations: For version 8.5, restrict access to the database/aspthaiForum.mdb file to prevent unauthorized downloads. Consider relocating sensitive information outside the web root or implementing proper access controls to mitigate the risk of exploitation.