Reported April 5, 2004, by
NGSSoftware.
VERSIONS
AFFECTED
DESCRIPTION
Dreamweaver by default
creates and uploads a script to test remote database connectivity (mmhttpdb.asp)
to the database-driven Web site being tested. If left on the server, the script
can let a potential attacker access to the back-end database server without
supplying a user ID and password.
VENDOR
RESPONSE
The vendor,
Macromedia, has released an
alert about this vulnerability.
CREDIT
Discovered by
NGSSoftware.
Remote Compromise Vulnerability in Macromedia Dreamweaver
0 comments
Hide comments