Insecure Access Control in MaxWebPortal 1.30 Allows Remote Information Disclosure

Insecure Access Control in MaxWebPortal 1.30 Allows Remote Information Disclosure

CVE-2003-1213 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The default installation of MaxWebPortal 1.30 stores the portal database under the web document root with insecure access control, which allows remote attackers to obtain sensitive information via a direct request to database/db2000.mdb.

Learn more about our Cis Benchmark Audit For Ibm Db2.