Improper access control

2008-12-3020:30:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.7%

JSON

Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb.

CPENameOperatorVersion
forest_blogeq1.3.2

CPE	Name	Operator	Version
	forest_blog	eq	1.3.2

References

securityreason.com/securityalert/4842

exchange.xforce.ibmcloud.com/vulnerabilities/47359

www.exploit-db.com/exploits/7466