Macromedia Dreamweaver remote database scripts

Description
  • Macromedia Dreamweaver has created a directory (<span class="bb-dark">_mmServerScripts</span> or <span class="bb-dark">_mmDBScripts</span>) that contains scripts for testing database connectivity. One of these scripts (<span class="bb-dark">mmhttpdb.php</span> or <span class="bb-dark">mmhttpdb.asp</span>) can be accessed without user ID or password and contains numerous operations, such as listing Datasource Names or executing arbitrary SQL queries.
Remediation
  • Remove these directories from production systems.
References