PT-2009-5006 · Asp · Asp Football Pool

Byalbayx

Publicado

2009-07-27

Atualizado

2017-09-19

CVE-2009-2606

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions ASP Football Pool version 2.3

Description The issue allows remote attackers to download the database file via a direct request for NFL.mdb due to insufficient access control. This is because sensitive information is stored under the web root.

Recommendations For ASP Football Pool version 2.3, consider restricting access to the NFL.mdb file to prevent unauthorized downloads until a proper fix is applied. Additionally, review and implement proper access controls for sensitive information stored under the web root.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2009-2606

Produtos afetados

Asp Football Pool

PT-2009-5006 · Asp · Asp Football Pool

CVE-2009-2606

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4