Reported April 5, 2004, by NGSSoftware.
- Dreamweaver MX 2004 (all versions)
- Dreamweaver MX (all versions)
- Dreamweaver UltraDev 4 (all versions)
Dreamweaver by default creates and uploads a script to test remote database connectivity (mmhttpdb.asp) to the database-driven Web site being tested. If left on the server, the script can let a potential attacker access to the back-end database server without supplying a user ID and password.
Discovered by NGSSoftware.