Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Macromedia Dreamweaver remote database scripts - Vulnerability Database

Macromedia Dreamweaver remote database scripts

Description

Macromedia Dreamweaver has created a directory (_mmServerScripts or _mmDBScripts) that contains scripts for testing database connectivity. One of these scripts (mmhttpdb.php or mmhttpdb.asp) can be accessed without user ID or password and contains numerous operations, such as listing Datasource Names or executing arbitrary SQL queries.

Remediation

Remove these directories from production systems.

References

NGSSoftware advisory

Related Vulnerabilities

WordPress Plugin Gallery-Flagallery Photo Portfolio SQL Injection and Information Disclosure Vulnerabilities (0.59) High
Common tags: SQL Injection Information Disclosure
MantisBT multiple security issues High
Common tags: SQL Injection Information Disclosure
WordPress Plugin WP Session Manager SQL Injection (1.2.1) High
Common tags: SQL Injection
WordPress Plugin Simple Login Log SQL Injection (1.1.1) High
Common tags: SQL Injection
WordPress Plugin Save Contact Form 7 SQL Injection (1.7) High
Common tags: SQL Injection

Severity

High

Classification

CVE-2004-1893
CWE-200
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

SQL Injection
Information Disclosure