fipsForum 2.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for _database/forumFips.mdb.
Max CVSS
5.0
EPSS Score
0.54%
Published
2010-03-02
Updated
2017-08-17
SQL injection vulnerability in default2.asp in fipsForum 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the kat parameter.
Max CVSS
7.5
EPSS Score
0.17%
Published
2006-11-26
Updated
2017-10-19
2 vulnerabilities found