Description
When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.
Remediation
References
Related Vulnerabilities
WordPress Plugin Filtre de Surveillance Gouvernemental Cross-Site Scripting (1.1)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-46148)
silverstripeCMS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-5088)
MySQL CVE-2022-21460 Vulnerability (CVE-2022-21460)
WordPress Plugin Ultimate Membership Pro SQL Injection (6.4)