PT-2009-4286 · Dmxready · Dmxready Registration Manager
S4S-T3Rr0R!St
·
Published
2009-05-29
·
Updated
2017-09-29
·
CVE-2009-1821
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
DMXReady Registration Manager version 1.1
Description:
The issue allows remote attackers to download the database file due to insufficient access control. Sensitive information is stored under the web root, making it accessible via a direct request for the databases/webblogmanager.mdb file.
Recommendations:
For DMXReady Registration Manager version 1.1, consider restricting access to the databases/webblogmanager.mdb file to prevent unauthorized downloads. As a temporary workaround, move the sensitive information outside of the web root to minimize the risk of exploitation.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dmxready Registration Manager