ASP-CMS version 1 default password location.

2007.10.08

Credit: joseph

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2007-5260

CWE: CWE-264

CVSS Base Score: 5/10

Impact Subscore: 2.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: None

Availability impact: None

ASP-CMS version 1 default password location.
http://asp-cms.sourceforge.net/
A vulnerability exists within the content management system ASP-CMS that allows a remote user to see the username and password of
the content management system itsself. the user/pass combo along with all the other settings of the application are stored in an
MDB file in the folder mdb-database.
Attackers can input the following into an affected site:
http://www.example.com/asp-cms/mdb-database/ASP-CMS_v100.mdb
The fix would be to add place the file somewhere else on the filesystem out of reach of the http area.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

ASP-CMS version 1 default password location.

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.