CVE-2009-2022

Name of the Vulnerable Software and Affected Versions fipsCMS Light version 2.1

Description The issue allows remote attackers to download the database file and obtain sensitive information via a direct request for fipsdb/db.mdb. This is due to insufficient access control, as sensitive information is stored under the web root.

Recommendations For fipsCMS Light version 2.1, consider restricting access to the fipsdb/db.mdb file to minimize the risk of exploitation. As a temporary workaround, restrict access to the fipsdb directory until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.