CVE-2009-4760

Name of the Vulnerable Software and Affected Versions Winn ASP Guestbook version 1.01 Beta

Description The issue allows remote attackers to download a database due to insufficient access control. Sensitive information is stored under the web root, making it accessible via a direct request for data/guestbook.mdb.

Recommendations For version 1.01 Beta, consider restricting access to the data/guestbook.mdb file to prevent unauthorized downloads until a proper fix is applied. As a temporary workaround, moving sensitive data outside of the web root or implementing proper access controls can help mitigate the risk.