Maxwebportal: Security Vulnerabilities
MaxWebPortal 1.30 allows remote attackers to perform unauthorized actions by modifying hidden form fields, such as the (1) news, (2) lock, or (3) allmem fields in the 'start new topic' HTML page.
CVSS Score
7.5
EPSS Score
0.013
Published
2003-12-31
The default installation of MaxWebPortal 1.30 stores the portal database under the web document root with insecure access control, which allows remote attackers to obtain sensitive information via a direct request to database/db2000.mdb.
CVSS Score
7.5
EPSS Score
0.08
Published
2003-12-31
Page 2