Team Board 1.x and 2.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for data/team.mdb.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Team_board | Team5 | 1.0.0 (including) | 1.0.0 (including) |
Team_board | Team5 | 2.0.0 (including) | 2.0.0 (including) |