Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote attackers to change configurations and obtain the database connection string and credentials via unspecified vectors.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Timeline | Livetecs | 2.81 (including) | 2.81 (including) |
| Timeline | Livetecs | 2.91 (including) | 2.91 (including) |
| Timeline | Livetecs | 2.94 (including) | 2.94 (including) |
| Timeline | Livetecs | 3.0.1 (including) | 3.0.1 (including) |
| Timeline | Livetecs | 3.0.3 (including) | 3.0.3 (including) |
| Timeline | Livetecs | 3.0.5 (including) | 3.0.5 (including) |
| Timeline | Livetecs | 3.1.1 (including) | 3.1.1 (including) |
| Timeline | Livetecs | 3.2.1 (including) | 3.2.1 (including) |
| Timeline | Livetecs | 3.5.1 (including) | 3.5.1 (including) |
| Timeline | Livetecs | 3.6.1 (including) | 3.6.1 (including) |
| Timeline | Livetecs | 3.7.1 (including) | 3.7.1 (including) |
| Timeline | Livetecs | 3.8.1 (including) | 3.8.1 (including) |
| Timeline | Livetecs | 4.2.1 (including) | 4.2.1 (including) |
| Timeline | Livetecs | 4.3.1 (including) | 4.3.1 (including) |
| Timeline | Livetecs | 4.9.1 (including) | 4.9.1 (including) |
| Timeline | Livetecs | 5.2.1 (including) | 5.2.1 (including) |
| Timeline | Livetecs | 6.0.1 (including) | 6.0.1 (including) |
| Timeline | Livetecs | 6.2.1 (including) | 6.2.1 (including) |
| Timeline | Livetecs | 6.2.3 (including) | 6.2.3 (including) |
| Timeline | Livetecs | 6.2.4 (including) | 6.2.4 (including) |
| Timeline | Livetecs | 6.2.6 (including) | 6.2.6 (including) |
| Timeline | Livetecs | 6.2.7 (including) | 6.2.7 (including) |
| Timeline | Livetecs | 6.2.71 (including) | 6.2.71 (including) |
| Timeline | Livetecs | 7.1.1 (including) | 7.1.1 (including) |