2 matches found
CVE-2010-0765
CVE-2010-0765 affects fipsForum 2.6, where sensitive data is stored under the web root with insufficient access control, allowing remote attackers to directly request and download the _database/forumFips.mdb file. The available documents attribute the issue to improper access control but do not p...
CVE-2006-6116
CVE-2006-6116 describes an SQL injection in default2.asp of fipsForum 2.6 and earlier, exploitable remotely via the kat parameter. The vulnerability allows attackers to execute arbitrary SQL commands, compromising data confidentiality, integrity, and availability. Affected component: default2.asp...