Vulnerabilities > CVE-2007-3061 - Credentials Management vulnerability in Cactusoft Cactushop
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Cactushop 6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) cactushop6.mdb or (2) cactushop5.mdb.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | CactuShop v6 Database Disclosure Vulnerability. CVE-2007-3061. Webapps exploit for asp platform |
| id | EDB-ID:10686 |
| last seen | 2016-02-01 |
| modified | 2009-12-26 |
| published | 2009-12-26 |
| reporter | LionTurk |
| source | https://www.exploit-db.com/download/10686/ |
| title | CactuShop 6.0 - Database Disclosure Vulnerability |
References
- http://osvdb.org/42052
- http://osvdb.org/42052
- http://osvdb.org/42053
- http://osvdb.org/42053
- http://securityreason.com/securityalert/2780
- http://securityreason.com/securityalert/2780
- http://www.securityfocus.com/archive/1/470439/100/0/threaded
- http://www.securityfocus.com/archive/1/470439/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34706
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34706