CVE-2007-3061

Publication date

2007-06-06 01:00:00

Family

mitre

State

PUBLISHED

Description

Cactushop 6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) cactushop6.mdb or (2) cactushop5.mdb.