Dir2web3 Mutiple Vulnerabilities

Title: ====== Dir2web3 Multiple Vulnerabilities Date: ===== 05/08/2012 Author: ======= Daniel Correa http://www.sinfocol.org/ Vulnerable software: ==================== Dir2web v3.0 http://www.dir2web.it/ CVE: ==== CVE-2012-4069 CVE-2012-4070 Details: ======== There are two vulnerabilities...

CVE-2012-4069

Dir2web 3.0 contains an information-disclosure flaw (CVE-2012-4069) caused by insufficient access control, permitting remote attackers to download the database via system/db/website.db. Affected component: Dir2web 3.0 web app; vulnerability in access control for the web root/database directory. I...

Dir2web3 3.0 SQL Injection / Information Disclosure

Title: ====== Dir2web3 Multiple Vulnerabilities Date: ===== 05/08/2012 Author: ======= Daniel Correa http://www.sinfocol.org/ Vulnerable software: ==================== Dir2web v3.0 http://www.dir2web.it/ CVE: ==== CVE-2012-4069 CVE-2012-4070 Details: ======== There are two vulnerabilities...