CVE-2009-3597

Digitaldesign CMS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to…

mitre·CWE-552·Published 2009-10-08

CVSS

—

EPSS

0.03

KEV

Exploits

cve.orgen

203 chars

Digitaldesign CMS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for autoconfig.dd.

NVDen

203 chars

NVDes

242 chars

Digitaldesign CMS v0.1 guarda información sensible en el directorio web raíz con insuficiente control de acceso, lo que permite a los atacantes remotos descargar el fichero de la base de datos a través de una petición directa a autoconfig.dd.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N