header-logo
Suggest Exploit
vendor:
Discussion Web
by:
Pouya_Server
7.5
CVSS
HIGH
Microsoft Access Database File Disclosure
N/A
CWE
Product Name: Discussion Web
Affected Version From: 4
Affected Version To: 4
Patch Exists: No
Related CWE: N/A
CPE: cpe:a:takempis:discussion_web:4.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Microsoft Access Database File Disclosure

A vulnerability exists in the Discussion Web 4.0 web application, which allows an attacker to download the Microsoft Access Database file containing the application's data. This vulnerability is due to the fact that the application does not properly restrict access to the database file. An attacker can exploit this vulnerability by directly requesting the database file from the web server.

Mitigation:

Restrict access to the database file.
Source

Exploit-DB raw data:

#########################################################
---------------------------------------------------------
Portal Name: Discussion Web
Version : 4.0
Vendor : http://www.takempis.com/aboutdiscussion.htm
Author : Pouya_Server , Pouya.s3rver@Gmail.com
Vulnerability : (DD)
---------------------------------------------------------
#########################################################
[DD]:
http://site.com/[Path]/_private/discussion.mdb

---------------------------------

# milw0rm.com [2008-12-14]

Navigation

Suggest Exploit

Services By CQR