CVE-2006-3557 - MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root with insufficient access cont

CVE-2006-3557

Summary

MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.

References

http://securityreason.com/securityalert/1235
http://www.securityfocus.com/archive/1/439611/100/0/threaded

Vulnerable Configurations

cpe:2.3:a:mt_orumcek:mt_orumcek_toplist:2.2:*:*:*:*:*:*:*
cpe:2.3:a:mt_orumcek:mt_orumcek_toplist:2.2:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 18-10-2018 - 16:47)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bugtraq	20060709 MT Örümcek Toplist v2.2 Version Microsoft Access Driver ( MDB ) Download
sreason	1235

Last major update

18-10-2018 - 16:47

Published

13-07-2006 - 00:05

Last modified

18-10-2018 - 16:47