Compulsive Media CNU5 - 'News.mdb' Database Disclosure

EDB-ID:

24397

CVE:





Platform:

ASP

Date:

2004-08-23


source: https://www.securityfocus.com/bid/11004/info

CNU5 is reported prone to a database disclosure vulnerability. It is reported that remote users may download the database file 'news.mdb' and gain access to sensitive information including unencrypted authentication credentials.

CNU5 version 1.2 is reported vulnerable to this issue. CNU5 Extra may be affected as well.

This issue is being retired due to the fact that this is not a vulnerability in the application. Configuring the Web server to restrict access to sensitive files can prevent this problem.

http://www.example.com/news/news.mdb
http://www.example.com/news.mdb