PT-2009-5879 · Digitaldesign · Digitaldesign Cms

Darkjoker · Published 2009-10-08 · Updated 2024-01-25 · CVE-2009-3597

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Digitaldesign CMS version 0.1

Description: The issue allows remote attackers to download the database file via a direct request for autoconfig.dd due to insufficient access control. This is because sensitive information is stored under the web root.

Recommendations: For Digitaldesign CMS version 0.1, consider restricting access to the autoconfig.dd file to prevent unauthorized downloads until a proper fix is applied. As a temporary workaround, moving sensitive information outside of the web root can help minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration: Files Accessible to External Parties

Related Identifiers: CVE-2009-3597

Affected Products: Digitaldesign Cms