Vulnerabilities > CVE-2007-0091 - Information Disclosure vulnerability in Newscmslite

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
katy-whitton-web-development
exploit available

Summary

newsCMSlite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for newsCMS.mdb.

Vulnerable Configurations

Part Description Count
Application
Katy_Whitton_Web_Development
1

Exploit-Db

descriptionnewsCMSlite (newsCMS.mdb) Remote Password Disclosure Vulnerability. CVE-2007-0091. Webapps exploit for asp platform
fileexploits/asp/webapps/3066.txt
idEDB-ID:3066
last seen2016-01-31
modified2007-01-01
platformasp
port
published2007-01-01
reporterKaBuS
sourcehttps://www.exploit-db.com/download/3066/
titlenewsCMSlite newsCMS.mdb Remote Password Disclosure Vulnerability
typewebapps