exploitDog

CVE-2009-3597

Опубликовано: 08 окт. 2009

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Digitaldesign CMS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for autoconfig.dd.

Ссылки

http://www.exploit-db.com/exploits/9115
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/51676
Third Party Advisory
VDB Entry
http://www.exploit-db.com/exploits/9115
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/51676
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:digitaldesign_cms_project:digitaldesign_cms:0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05291

Низкий

5 Medium

CVSS2

Дефекты

CWE-552

Связанные уязвимости

GHSA-rhf3-73p2-27rm

github

почти 4 года назад

Digitaldesign CMS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for autoconfig.dd.

EPSS

Процентиль: 90%

0.05291

Низкий

5 Medium

CVSS2

Дефекты

CWE-552