CactuShop CVE-2007-3061 Information Disclosure Vulnerability

CactuShop CVE-2007-3061 Information Disclosure Vulnerability

CactuShop is prone to a information disclosure vulnerability. Cactushop 6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) cactushop6.mdb or (2) cactushop5.mdb.