vendor:
NewsTraXor
by:
Unknown
7.5
CVSS
HIGH
Remote Database Disclosure
200
CWE
Product Name: NewsTraXor
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:newstraxor
Platforms Tested:
Unknown
NewsTraXor Remote Database Disclosure Vulnerability
NewsTraXor is affected by a remote database disclosure vulnerability. The issue is caused by a design error that allows the database file to be globally readable. This vulnerability may allow a remote attacker to gain unauthorized administrative access to the affected web application.
Mitigation:
To mitigate this vulnerability, ensure that the database file is properly protected and not globally readable. Restrict access to the database file to authorized users only.