Description
When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2013-1519 Vulnerability (CVE-2013-1519)
b2evolution Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-7352)
WordPress Plugin Security & Malware scan by CleanTalk Security Bypass (2.50)
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-5447)
WordPress Plugin Captchinoo, Google recaptcha for admin login page Security Bypass (2.3)