CVE-2010-0765

fipsForum 2.6 - Unauthenticated Sensitive Information Disclosure via Direct Database Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0765. PoCs published by ViRuSMaN.

AI-analyzed exploit summary This exploit discloses the path to the MS Access database file used by fipsForum v2.6, allowing unauthorized access to sensitive data. The vulnerability arises from improper access controls on the database file.

Description

fipsForum 2.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for _database/forumFips.mdb.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ViRuSMaN · textwebappsasp

https://www.exploit-db.com/exploits/11361

View Code ZIP pw:eip

This exploit discloses the path to the MS Access database file used by fipsForum v2.6, allowing unauthorized access to sensitive data. The vulnerability arises from improper access controls on the database file.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: fipsForum v2.6

No auth needed

Prerequisites: Knowledge of the target server's path structure

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit x_refsource_misc

http://packetstormsecurity.org/1001-exploits/fipsforum-disclose.txt

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/11361

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/56183

Scores

EPSS 0.0244

EPSS Percentile 82.2%

Details

CWE

CWE-264

Status published

Products (1)

fipsasp/fipsforum 2.6

Published Mar 02, 2010

Tracked Since Feb 18, 2026