Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18104
HistoryOct 02, 2007 - 12:00 a.m.

ASP-CMS version 1 default password location.

2007-10-0200:00:00
vulners.com
11
JSON

ASP-CMS version 1 default password location.

http://asp-cms.sourceforge.net/

A vulnerability exists within the content management system ASP-CMS that allows a remote user to see the username and password of

the content management system itsself. the user/pass combo along with all the other settings of the application are stored in an

MDB file in the folder mdb-database.

Attackers can input the following into an affected site:
http://www.example.com/asp-cms/mdb-database/ASP-CMS_v100.mdb

The fix would be to add place the file somewhere else on the filesystem out of reach of the http area.

JSON