Vulnerabilities > CVE-2005-0853 - Remote vulnerability in Betaparticle Blog 2.0/3.0

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

betaparticle

exploit available

NVD

Published: 2005-05-02

Updated: 2017-10-11

Summary

betaparticle blog (bp blog) stores the database under the web root, which allows remote attackers to obtain sensitive information via a direct request to (1) dbBlogMX.mdb for versions before 3.0, or (2) Blog.mdb for versions 3.0 and later. NOTE: it was later reported that vector 2 also affects versions 6.0 through 9.0.

Vulnerable Configurations

Part	Description	Count
Application	Betaparticle Betaparticle Betaparticle Blog 2.0 Betaparticle Betaparticle Blog 3.0	2

Exploit-Db

description	betaparticle blog 2.0/3.0 dbBlogMX.mdb Direct Request Database Disclosure. CVE-2005-0853. Webapps exploit for asp platform
id	EDB-ID:25252
last seen	2016-02-03
modified	2005-03-21
published	2005-03-21
reporter	farhad koosha
source	https://www.exploit-db.com/download/25252/
title	betaparticle blog 2.0/3.0 dbBlogMX.mdb Direct Request Database Disclosure

id EDB-ID:7499

Summary

Vulnerable Configurations

Exploit-Db

References