CVE-2010-0765

Name of the Vulnerable Software and Affected Versions fipsForum version 2.6

Description The issue allows remote attackers to download a database via a direct request for database/forumFips.mdb due to insufficient access control. This is because sensitive information is stored under the web root.

Recommendations For version 2.6, restrict access to the database/forumFips.mdb file to prevent unauthorized downloads. Consider relocating sensitive information outside of the web root or implementing proper access controls to mitigate the risk of exploitation.