Описание
Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on Testing Server" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows remote attackers to obtain sensitive information and possibly execute arbitrary SQL commands via a direct request to mmhttpdb.asp.
Ссылки
- Patch
- Vendor Advisory
- Patch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:macromedia:dreamweaver:6.0:*:*:*:*:*:*:*
cpe:2.3:a:macromedia:dreamweaver:6.1:*:*:*:*:*:*:*
cpe:2.3:a:macromedia:dreamweaver:2004:*:*:*:*:*:*:*
cpe:2.3:a:macromedia:dreamweaver_ultradev:4.0:*:*:*:*:*:*:*
EPSS
Процентиль: 74%
0.00824
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on Testing Server" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows remote attackers to obtain sensitive information and possibly execute arbitrary SQL commands via a direct request to mmhttpdb.asp.
EPSS
Процентиль: 74%
0.00824
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other