Vulnerabilities > CVE-2004-1786 - Remote User Database Access vulnerability in ASPApp PortalAPP

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
iatek
exploit available

Summary

PortalApp places user credentials under the web root with insufficient access control, which allows remote attackers to gain access to sensitive information via a direct request to 8275.mdb.

Vulnerable Configurations

Part Description Count
Application
Iatek
1

Exploit-Db

descriptionASPApp PortalAPP 0 Remote User Database Access Vulnerability. CVE-2004-1786. Webapps exploit for asp platform
idEDB-ID:23515
last seen2016-02-02
modified2004-01-04
published2004-01-04
reporternewbie6290
sourcehttps://www.exploit-db.com/download/23515/
titleASPApp PortalAPP - Remote User Database Access Vulnerability