PT-2009-3218 · Ninja Designs · Ninja Designs Mailist
Sirgod
·
Publicado
2009-02-13
·
Atualizado
2017-09-29
·
CVE-2009-0571
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Ninja Designs Mailist version 3.0
Description
The issue concerns insufficient access control in the admin.php file of Ninja Designs Mailist, which stores backup copies of maillist.php under the web root. This allows remote attackers to obtain sensitive information by making a direct request to the backup directory.
Recommendations
For Ninja Designs Mailist version 3.0, consider restricting access to the backup directory to prevent unauthorized access to sensitive information. As a temporary workaround, restrict access to the backup copies of maillist.php until a proper fix is applied.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ninja Designs Mailist