QuoteBook stores quotes.inc under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information, including user credentials, via a direct request.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Quotebook |
Freedville |
- |
- |
References