CVE-2004-2060
CVE-2004-2060
ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based on table and field names.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/24317unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0011.htmlhttp://ferruh.mavituna.com/article/?574http://marc.info/?l=bugtraq&m=109086977330418&w=2http://secunia.com/advisories/12164http://securitytracker.com/id?1010777https://exchange.xforce.ibmcloud.com/vulnerabilities/16802http://www.osvdb.org/8253http://www.securityfocus.com/bid/10799