header-logo
Suggest Exploit
vendor:
Forum
by:
SecurityFocus
7.5
CVSS
HIGH
Sensitive Information Disclosure
200
CWE
Product Name: Forum
Affected Version From: All versions
Affected Version To: All versions
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Web Wiz Forum Sensitive Information Disclosure Vulnerability

Web Wiz Forum has been reported prone to a sensitive information disclosure vulnerability. An attacker may make a request for and download the underlying Access database file that is used by the Forum application. Sensitive information that is contained in the database and stored in plaintext format may be revealed to the attacker. Information collected in this way may be used to aid in further attacks against the system.

Mitigation:

Ensure that the Access database file is not accessible from the web server.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7380/info

Web Wiz Forum has been reported prone to sensitive information disclosure vulnerability.

An attacker may make a request for and download the underlying Access database file that is used by the Forum application. Sensitive information that is contained in the database and stored in plaintext format may be revealed to the attacker.

Information collected in this way may be used to aid in further attacks against the system.

It should be noted that all versions of Web Wiz Forums have been reported prone to this vulnerability. 

http://www.example.com/forum/admin/wwforum.mdb

Navigation

Suggest Exploit

Services By CQR