CVE-2008-5780 - Permissions, Privileges, and Access Control vulnerability in Hostforest Forest Blog 1.3.2

Summary

Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb.

Classification

CWE-264 - Permissions, Privileges, and Access Control

Risk level (CVSS 5.0)

Medium

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confidentiality Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products