exploitDog

CVE-2009-2159

Опубликовано: 22 июн. 2009

Источник: nvd

CVSS2: 6.4

EPSS Низкий

Описание

backup-database.php in TorrentTrader Classic 1.09 does not require administrative authentication, which allows remote attackers to create and download a backup database by making a direct request and then retrieving a .gz file from backups/.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:torrenttrader:torrenttrader_classic:1.09:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.06736

Низкий

6.4 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-wm8h-5fvf-q5hp

github

почти 4 года назад

backup-database.php in TorrentTrader Classic 1.09 does not require administrative authentication, which allows remote attackers to create and download a backup database by making a direct request and then retrieving a .gz file from backups/.

EPSS

Процентиль: 91%

0.06736

Низкий

6.4 Medium

CVSS2

Дефекты

CWE-287