Uphotogallery uphotogallery.mdb Remote Information Disclosure

2005-04-28T02:33:25
ID OSVDB:15994
Type osvdb
Reporter Team-evil MOroccain Hackers()
Modified 2005-04-28T02:33:25

Description

Vulnerability Description

Uphotogallery contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when a remote attacker directly requests the 'uphotogallery.mdb' file, which will disclose user login and password information resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Uphotogallery contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when a remote attacker directly requests the 'uphotogallery.mdb' file, which will disclose user login and password information resulting in a loss of confidentiality.

Manual Testing Notes

http://[victim]/uphotogallery/mdb-database/uphotogallery.mdb

References:

Vendor URL: http://www.uapplication.com/uphotogallery/index.asp Security Tracker: 1013830 CVE-2005-1427