Improper access control

2008-01-0819:46:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.4%

JSON

Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb.

CPENameOperatorVersion
snitz_forums_2000eq3.1 sr4
snitz_forums_2000eq3.4.03
snitz_forums_2000eq3.2.03
snitz_forums_2000eq3.3.01
snitz_forums_2000eq3.3.02
snitz_forums_2000eq3.1
snitz_forums_2000eq3.4.05
snitz_forums_2000eq3.4.02
snitz_forums_2000le3.4.06
snitz_forums_2000eq3.4.04

Name	Operator	Version
snitz_forums_2000	eq	3.1 sr4
snitz_forums_2000	eq	3.4.03
snitz_forums_2000	eq	3.2.03
snitz_forums_2000	eq	3.3.01
snitz_forums_2000	eq	3.3.02
snitz_forums_2000	eq	3.1
snitz_forums_2000	eq	3.4.05
snitz_forums_2000	eq	3.4.02
snitz_forums_2000	le	3.4.06
snitz_forums_2000	eq	3.4.04

Rows per page:

1-10 of 131

References

hackerscenter.com/archive/view.asp?id=28145

www.packetstormsecurity.org/0801-exploits/snitz-multi.txt

www.securityfocus.com/archive/1/485836/100/200/threaded

www.securityfocus.com/archive/1/485894/100/200/threaded