Vulnerability Description
The default installation of MaxWebPortal 1.30 stores the portal database under the web document root with insecure access control, which allows remote attackers to obtain sensitive information via a direct request to database/db2000.mdb.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maxwebportal | Maxwebportal | 1.30 |
References
- http://archives.neohapsis.com/archives/bugtraq/2003-06/0048.htmlPatch
- http://secunia.com/advisories/8979Exploit
- http://www.securityfocus.com/bid/7837ExploitPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12279
- http://archives.neohapsis.com/archives/bugtraq/2003-06/0048.htmlPatch
- http://secunia.com/advisories/8979Exploit
- http://www.securityfocus.com/bid/7837ExploitPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12279
FAQ
What is CVE-2003-1213?
CVE-2003-1213 is a vulnerability with a CVSS score of 7.5 (HIGH). The default installation of MaxWebPortal 1.30 stores the portal database under the web document root with insecure access control, which allows remote attackers to obtain sensitive information via a d...
How severe is CVE-2003-1213?
CVE-2003-1213 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1213?
Check the references section above for vendor advisories and patch information. Affected products include: Maxwebportal Maxwebportal.