Unrestricted Access to Systemsetting.aspx in Livetecs Timelive before 6.2.8

Unrestricted Access to Systemsetting.aspx in Livetecs Timelive before 6.2.8

CVE-2014-1217 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote attackers to change configurations and obtain the database connection string and credentials via unspecified vectors.

Learn more about our Web Application Penetration Testing UK.