Description
Macromedia Dreamweaver has created a directory (_mmServerScripts or _mmDBScripts) that contains scripts for testing database connectivity. One of these scripts (mmhttpdb.php or mmhttpdb.asp) can be accessed without user ID or password and contains numerous operations, such as listing Datasource Names or executing arbitrary SQL queries.
Remediation
Remove these directories from production systems.
References
Related Vulnerabilities
WordPress Plugin Hitasoft FLV Player 'id' Parameter SQL Injection (1.1)
WordPress Plugin Ajax Store Locator SQL Injection (1.2.0)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-6514)
[Possible] Internal Path Disclosure (*nix)
WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk SQL Injection (5.153.3)