Cactushop 6 and previous versions stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download a database via a direct request for (1) cactushop6.mdb or (2) cactushop5.mdb.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cactusoft cactushop |