AeNovo Database Content Disclosure Vulnerability Network Vulnerability

Summary

aeNovo is a web content management system. Due to improper file premission settings on the database directory it is possible for a remote attacker to download the product's database file and grab from it sensitive information.

Solution

Restrict access the the aeNovo's database file or directory by setting file/directory restrictions.

Severity

Classification

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
Allaire JRun directory browsing vulnerability
Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
Apache Web Server ETag Header Information Disclosure Weakness
AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities

aeNovo Database Content Disclosure Vulnerability

Take action and discover your vulnerabilities