ASTPP Information Disclosure Vulnerability Allowing Unauthenticated Database Backup Download

Vulnerability

A vulnerability in ASTPP version 4.0.1 allows unauthenticated attackers to read sensitive database information by downloading database backup files from the '/database_backup/' directory. The backup filenames follow a predictable pattern that embeds a 6-digit PIN, so an attacker can generate every PIN combination and fuzz the backup download URL with them until a file is returned.

Impact

Exploitation of this vulnerability leads to unauthorized access to sensitive database information.

Reproduction

To reproduce this vulnerability, first generate a list of 6-digit PIN combinations. Then, fuzz the backup download URL by replacing the PIN in the filename with one from the generated list. If successful, the response will indicate the backup file is available for download.
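As an added defensive example (not part of the advisory), the following Python script parses web-server access log lines and flags clients that enumerate 6-digit PINs under '/database_backup/' or actually receive a backup file with HTTP 200. The sample log lines and the filename form 'astpp-NNNNNN.sql' are constructed assumptions; the advisory only states that the backup name embeds a 6-digit PIN.

```python
import re
from collections import defaultdict

# Combined-format access log line (Apache/nginx).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
# Any request under /database_backup/ whose filename embeds a 6-digit number.
# The rest of the filename form is an assumption; the advisory only states
# that backups are named with a 6-digit PIN.
BACKUP_PIN_RE = re.compile(r'^/database_backup/[^?]*?(?P<pin>\d{6})[^/]*$')

def parse_line(line):
    """Parse one line; 'pin' is None unless the request targets a PIN-named backup."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    pm = BACKUP_PIN_RE.match(rec["path"])
    rec["pin"] = pm.group("pin") if pm else None
    return rec

def detect_backup_enumeration(lines, pin_threshold=10):
    """Flag clients that probed >= pin_threshold distinct PINs (enumeration) or
    got a backup with HTTP 200 (confirmed disclosure), keyed by client IP."""
    per_ip = defaultdict(lambda: {"pins": set(), "hits": []})
    for line in lines:
        rec = parse_line(line)
        if not rec or rec["pin"] is None:
            continue
        per_ip[rec["ip"]]["pins"].add(rec["pin"])
        if rec["status"] == "200":
            per_ip[rec["ip"]]["hits"].append(rec["path"])
    return {ip: {"distinct_pins": len(e["pins"]), "hits": e["hits"]}
            for ip, e in per_ip.items()
            if len(e["pins"]) >= pin_threshold or e["hits"]}

def constructed_log():
    """Constructed sample: one client walks sequential PINs and finally gets a 200."""
    lines = []
    for i in range(12):
        status = 200 if i == 11 else 404
        lines.append(f'203.0.113.7 - - [11/Feb/2026:21:50:{i:02d} +0000] '
                     f'"GET /database_backup/astpp-{i:06d}.sql HTTP/1.1" {status} 512 "-" "curl/8.0"')
    lines.append('198.51.100.4 - - [11/Feb/2026:21:51:00 +0000] '
                 '"GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"')
    return lines
```

Any 200 under '/database_backup/' is treated as a confirmed download, independent of the PIN count threshold.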

Added: Feb 11, 2026, 9:56 PM
Updated: Feb 11, 2026, 9:56 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 2.5
exploitability: 7.8
remediation: 0.0
relevance: 3.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.