header-logo
Suggest Exploit
vendor:
MPCSoftWeb Guestbook
by:
SecurityFocus
7.5
CVSS
HIGH
Unsecured Database File
532
CWE
Product Name: MPCSoftWeb Guestbook
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

MPCSoftWeb Unsecured Database File Vulnerability

MPCSoftWeb is vulnerable to an unsecured database file vulnerability. Attackers can request the database file located at http://www.example.com/mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb and gain access to sensitive information such as administrative credentials for the guestbook.

Mitigation:

Ensure that the database file is secured and not accessible to remote attackers.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7390/info

MPCSoftWeb does not sufficiently secure the database file. It is possible for remote attackers to request the database file and gain access to sensitive information such as administrative credentials for the guestbook. 

http://www.example.com/mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb

Navigation

Suggest Exploit

Services By CQR