|
|
Family: CGI abuses --> Category: infos
Web Wiz Forums database disclosure Vulnerability Scan
Vulnerability Scan Summary
Checks for wwforum.mdb
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains an ASP application that is affected by
an information disclosure vulnerability.
Description :
The remote server is running Web Wiz Site Forum, a set of ASP scripts
to manage online forums.
This release comes with a 'wwforum.mdb' database, usually located
under 'admin' which contains sensitive information, such as the user
passwords and emails. A possible hacker may use this flaw to gain
unauthorized access to the affected application.
See also :
http://archives.neohapsis.com/archives/bugtraq/2003-04/0234.html
Solution :
Prevent the download of .mdb files from your website.
Threat Level:
Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
