fipsCMS Light 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain sensitive information via a direct request for _fipsdb/db.mdb.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Fipscms_light | Fipsasp | 2.1 (including) | 2.1 (including) |