Vulnerabilities > CVE-2004-1788 - Remote User Database Access vulnerability in ASP-Nuke 1.0/1.2/1.3

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
asp-nuke
exploit available
NVD
Published: 2004-12-31
Updated: 2008-09-05

Summary

ASP-Nuke 1.3 and earlier places user credentials under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to main.mdb.

Vulnerable Configurations

Part Description Count
Application
Asp-Nuke
3

Exploit-Db

descriptionASP-Nuke 1.0/1.2/1.3 Remote User Database Access Vulnerability. CVE-2004-1788. Webapps exploit for asp platform
idEDB-ID:23516
last seen2016-02-02
modified2004-01-04
published2004-01-04
reporterVietnamese Security Group
sourcehttps://www.exploit-db.com/download/23516/
titleASP-Nuke 1.0/1.2/1.3 - Remote User Database Access Vulnerability

References