CVE-2007-3061 Information

Description

Cactushop 6 and earlier stores sensitive information under the web root with insufficient access control which allows remote attackers to download a database via a direct request for (1) cactushop6.mdb or (2) cactushop5.mdb.

Reference

http://osvdb.org/42052 http://osvdb.org/42053 http://securityreason.com/securityalert/2780 http://www.securityfocus.com/archive/1/470439/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/34706