WineGlass数据库敏感信息泄露漏洞

WineGlass是一款维基应用程序。 WineGlass数据库访问限制不正确，远程攻击者可以利用漏洞获得敏感信息。 直接下载在WEB ROOT目录中的data.mdb文件，可导致获得用户名和密码信息。 WineGlass 1.x 目前没有解决方案提供...

CVE-2007-0090

WineGlass stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/data.mdb...

Improper access control

WineGlass stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/data.mdb...

CVE-2007-0090

CVE-2007-0090 concerns WineGlass, where sensitive information is stored under the web root with insufficient access control. The issue enables remote attackers to download a database containing passwords by requesting the file path db/data.mdb directly. The vulnerability impacts the confidentiali...

CVE-2007-0090

WineGlass stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/data.mdb...

WineGlass "data.mdb" Remote Password Disclosure

ARIA-SECURITY TEAM Forum: http://aria-security.com Discovered by:Aria-Security Team Type:Remote Password Disclosure Vendor:http://www.fermentigrafici.it/wineglass/ PoC: http://target/db/data.mdb Contact: [email protected] http://aria-security.com/forum/showthread.php?p=112...