CyberSec.Space Logo
Back to CVE Browser

CVE-2007-3252

HIGH
7.8
CVSS Severity Score
EPSS Score0.1500%
EPSS Percentile19.78th
PublishedJun 18, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

PortalApp stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for 8691.mdb, a different vector than CVE-2004-1786.

Affected Platforms (CPE)

πŸ“¦
Portalapp

Portalapp

<= 4.0

References & Advisories

πŸ”— http://osvdb.org/39736
πŸ”— http://securityreason.com/securityalert/2808
πŸ”— http://www.securityfocus.com/archive/1/471411/100/0/threaded
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/34874
πŸ”— http://osvdb.org/39736
πŸ”— http://securityreason.com/securityalert/2808
πŸ”— http://www.securityfocus.com/archive/1/471411/100/0/threaded
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/34874

Related Vulnerabilities

CVE-2008-461510.0

Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has unknown impact and attack vectors.

CVE-2002-165910.0

user_profile.asp in PortalApp 2.2 allows local users to gain privileges by modifying the user_id variable.

CVE-2005-09487.5

SQL injection vulnerability in ad_click.asp for PortalApp allows remote attackers to execute arbitrary SQL commands via the banner...

CVE-2008-46147.5

PortalApp 4.0 does not require authentication for (1) forums.asp and (2) content.asp, which allows remote attackers to create and ...