CVE-2007-3061 - Credentials Management vulnerability in Cactusoft Cactushop

CVSS 7.8 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: NONE
Availability impact: NONE
Tags: network, low complexity, cactusoft, CWE-255, exploit available

Summary

Cactushop 6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) cactushop6.mdb or (2) cactushop5.mdb.

Vulnerable Configurations

Part: Application
Description: Cactusoft
Count: 1

Common Weakness Enumeration (CWE)

Exploit-Db

description: CactuShop v6 Database Disclosure Vulnerability. CVE-2007-3061. Webapps exploit for asp platform
id: EDB-ID:10686
last seen: 2016-02-01
modified: 2009-12-26
published: 2009-12-26
reporter: LionTurk
source: https://www.exploit-db.com/download/10686/
title: CactuShop 6.0 - Database Disclosure Vulnerability