Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download the database and obtain sensitive information via a direct request for database/WWGguestbook.mdb. NOTE: it was later reported that 8.21 is also affected.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
webwizguide web wiz guestbook 6.0 |
||
webwizguide web wiz guestbook 8.21 |