QuoteBook stores quotes.inc under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information, including user credentials, via a direct request.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Quotebook | Freedville | - (including) | - (including) |