Unrestricted Access to Database-Connection Strings in Topline Opportunity Form

Unrestricted Access to Database-Connection Strings in Topline Opportunity Form

CVE-2015-1608 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not properly restrict access to database-connection strings, which allows attackers to read the cleartext version of sensitive credential and e-mail address information via unspecified vectors.

Learn more about our Web Application Penetration Testing UK.