CVE-2010-0965 in Jevci Siparis Formu Scriptiinfo

Summary

by MITRE

Jevci Siparis Formu Scripti stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for siparis.mdb.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 05/02/2026

The vulnerability identified as CVE-2010-0965 represents a critical security flaw in the Jevci Siparis Formu Scripti web application that exposes sensitive database files to unauthorized remote access. This issue stems from improper configuration of file permissions and access controls within the web server environment, creating a significant attack surface that malicious actors can exploit to gain unauthorized access to confidential data. The vulnerability specifically affects applications that store database files in directories accessible through web requests without proper authentication mechanisms or access restriction controls.

The technical flaw manifests when the application stores the siparis.mdb database file in a location within the web root directory structure, making it directly accessible via HTTP requests. This configuration violates fundamental security principles of least privilege and proper access control implementation, as the database file contains sensitive information about orders and customer data that should remain protected from unauthorized access. The vulnerability is classified under CWE-276, which addresses improper file permissions and inadequate access control mechanisms, and aligns with ATT&CK technique T1213.002 for data from information repositories. Attackers can exploit this weakness by simply crafting a direct HTTP request to access the database file, bypassing any application-level authentication or authorization checks that should normally protect such sensitive data.

The operational impact of this vulnerability is substantial as it provides attackers with immediate access to potentially sensitive customer and order information stored in the database. The exposed database file may contain personal identifiable information, financial data, order details, and other confidential business information that could be used for identity theft, financial fraud, or competitive intelligence gathering. The vulnerability also represents a failure in the principle of defense in depth, as the application lacks multiple layers of security controls to protect sensitive data at rest. This exposure could lead to compliance violations under data protection regulations such as gdpr or pci dss, resulting in significant financial penalties and reputational damage for organizations using the affected script.

Mitigation strategies for this vulnerability should focus on immediate remediation of the file access control configuration and implementation of proper access restriction mechanisms. Organizations should move sensitive database files outside of the web root directory structure and ensure that all database files are protected by proper access controls and authentication mechanisms. The recommended approach includes implementing proper file permission settings, configuring web server access controls, and ensuring that database files are not directly accessible through web requests. Additionally, organizations should conduct comprehensive security assessments of their web applications to identify similar vulnerabilities and implement proper input validation and access control mechanisms. The fix should also include regular security monitoring and access logging to detect unauthorized attempts to access sensitive files, and adherence to security frameworks such as owasp top ten and nist cybersecurity framework to prevent similar issues in future implementations.

Reservation

03/16/2010

Disclosure

03/16/2010

Moderation

accepted

Entry

VDB-52198

CPE

ready

EPSS

0.01336

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!