PT-2010-1365 · Logoshows · Logoshows Bbs
Zorlu
·
Published
2010-01-04
·
Updated
2017-09-19
·
CVE-2009-4545
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Logoshows BBS version 2.0
Description
The issue allows remote attackers to download a database due to insufficient access control. Sensitive information is stored under the web root, enabling attackers to access the database via a direct request for database/globepersonnel.mdb.
Recommendations
For version 2.0, restrict access to the database file database/globepersonnel.mdb to prevent unauthorized downloads. Consider implementing proper access controls to sensitive information stored under the web root.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Logoshows Bbs