header-logo
Suggest Exploit
vendor:
Site News
by:
SecurityFocus
7.5
CVSS
HIGH
Sensitive Information Disclosure
200
CWE
Product Name: Site News
Affected Version From: 03.06
Affected Version To: 03.06
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Web Wiz Site News Sensitive Information Disclosure Vulnerability

Web Wiz Site News has been reported prone to a sensitive information disclosure vulnerability. An attacker may make a request for and download the underlying Access database file that is used by the Site News application. Site News administration credentials contained in the database and stored in plaintext format may be revealed to the attacker. Information collected in this way may be used to aid in further attacks against the system.

Mitigation:

Ensure that the Access database file is not accessible from the web server.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7341/info

Web Wiz Site News has been reported prone to sensitive information disclosure vulnerability.

An attacker may make a request for and download the underlying Access database file that is used by the Site News appplication. Site News administration credentials contained in the database and stored in plaintext format may be revealed to the attacker.

Information collected in this way may be used to aid in further attacks against the system.

It should be noted that although this vulnerability has been reported to affect Site News version 3.06, previous versions might also be affected.

http://www.example.com/news/news.mdb

Navigation

Suggest Exploit

Services By CQR