PT-2010-1575 · Unknown · Yp Portal Ms-Pro Surumu
Published: 2010-04-13 · Updated: 2010-04-14 · CVE-2009-4766
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
YP Portal MS-Pro Surumu (aka MS-Pro Portal Scripti) versions 1.0 through 1.2
Description
The issue allows remote attackers to download a database due to insufficient access control. Sensitive information is stored under the web root, enabling attackers to access it via a direct request for galeri/database/db.mdb.
Recommendations
For versions 1.0 and 1.2, restrict access to the galeri/database/db.mdb file to prevent unauthorized downloads.
As a temporary workaround, consider moving sensitive information outside of the web root until a proper fix is applied.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Weakness Enumeration
Related Identifiers
Affected Products
Yp Portal Ms-Pro Surumu