CVE-2009-0328

Name of the Vulnerable Software and Affected Versions ROBS-PROJECTS Digital Sales IPN (aka DS-IPN.NET or DS-IPN Paypal Shop) (affected versions not specified)

Description The issue allows remote attackers to download a database file containing user credentials due to insufficient access control. This is possible by making a direct request for the Database/Sales.mdb file, which stores sensitive information under the web root.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.