The default installation of MaxWebPortal 1.30 stores the portal database under the web document root with insecure access control, which allows remote attackers to obtain sensitive information via a direct request to database/db2000.mdb.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Maxwebportal | Maxwebportal | 1.30 (including) | 1.30 (including) |