2009-03-05 20:00:00
mitre
PUBLISHED
QuoteBook stores quotes.inc under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information, including user credentials, via a direct request.