iyzi Forum 1.0 beta 3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for db/iyziforum.mdb. NOTE: some of these details are obtained from third party information.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Iyzi_forum | Iyziforum | 1.0-beta_3 (including) | 1.0-beta_3 (including) |