CVE-2004-2060

ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based on table and field names.

Date published : 2005-05-10

http://www.securityfocus.com/bid/10799

http://marc.info/?l=bugtraq&m=109086977330418&w=2