XPede DataSource.ASP Information Disclosure Vulnerability

XPede is web-based project accounting software. It is available for Microsoft Windows operating systems.

The XPede datasource.asp script reveals the database user name and may be accessed by arbitrary web users without authentication. Additionally, the script provides an interface for changing the user's password, which may be brute-forced by a remote attacker.

This issue was reported for XPede 4.1. Other versions may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus