CVE-2008-0135

Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:snitz_communications:snitz_forums_2000:*:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.0:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.1:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.1:sr4:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.2.03:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.01:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.02:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.03:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.02:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.03:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.04:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.05:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-01-08 19:46

Updated : 2024-02-28 11:01


NVD link : CVE-2008-0135

Mitre link : CVE-2008-0135

CVE.ORG link : CVE-2008-0135


JSON object : View

Products Affected

snitz_communications

  • snitz_forums_2000
CWE
CWE-264

Permissions, Privileges, and Access Controls