CVE-2010-0978

Name of the Vulnerable Software and Affected Versions KMSoft Guestbook (aka GBook) version 1.0

Description The issue allows remote attackers to download a database due to insufficient access control of sensitive information stored under the web root. This can be achieved by making a direct request for the database file.

Recommendations For KMSoft Guestbook (aka GBook) version 1.0, consider restricting access to the database file db/db.mdb to prevent unauthorized downloads until a proper fix is applied. As a temporary workaround, moving sensitive information outside of the web root or implementing proper access controls can help mitigate the risk.