fipsForum 2.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for _database/forumFips.mdb.
References
Configurations
History
No history.
Information
Published : 2010-03-02 18:30
Updated : 2024-02-04 17:54
NVD link : CVE-2010-0765
Mitre link : CVE-2010-0765
CVE.ORG link : CVE-2010-0765
JSON object : View
Products Affected
fipsasp
- fipsforum
CWE
CWE-264
Permissions, Privileges, and Access Controls