header-logo
Suggest Exploit
vendor:
CNU5
by:
Unknown
5.5
CVSS
MEDIUM
Database Disclosure
CWE
Product Name: CNU5
Affected Version From: CNU5 version 1.2
Affected Version To: CNU5 Extra (exact version not specified)
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Database Disclosure Vulnerability in CNU5

Remote users can download the 'news.mdb' database file and gain access to sensitive information, including unencrypted authentication credentials.

Mitigation:

Configuring the web server to restrict access to sensitive files can prevent this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11004/info

CNU5 is reported prone to a database disclosure vulnerability. It is reported that remote users may download the database file 'news.mdb' and gain access to sensitive information including unencrypted authentication credentials.

CNU5 version 1.2 is reported vulnerable to this issue. CNU5 Extra may be affected as well.

This issue is being retired due to the fact that this is not a vulnerability in the application. Configuring the Web server to restrict access to sensitive files can prevent this problem.

http://www.example.com/news/news.mdb
http://www.example.com/news.mdb

Navigation

Suggest Exploit

Services By CQR