Reported April 5, 2004, by NGSSoftware.

 

 

VERSIONS AFFECTED

 

  • Dreamweaver MX 2004 (all versions)
  • Dreamweaver MX (all versions)
  • Dreamweaver UltraDev 4 (all versions)

 

DESCRIPTION

 

Dreamweaver by default creates and uploads a script to test remote database connectivity (mmhttpdb.asp) to the database-driven Web site being tested. If left on the server, the script can let a potential attacker access to the back-end database server without supplying a user ID and password.

 

 

VENDOR RESPONSE

 

The vendor, Macromedia, has released an alert about this vulnerability.

 

CREDIT                                                                                                       

 

Discovered by NGSSoftware.