Vulnerabilities > CVE-2009-3597 - Files or Directories Accessible to External Parties vulnerability in Digitaldesign CMS Project Digitaldesign CMS 0.1

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
digitaldesign-cms-project
CWE-552
exploit available
NVD
Published: 2009-10-08
Updated: 2024-01-25

Summary

Digitaldesign CMS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for autoconfig.dd.

Vulnerable Configurations

Part Description Count
Application
Digitaldesign_Cms_Project
1

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionDigitaldesign CMS 0.1 Remote Database Disclosure Vulnerability. CVE-2009-3597. Webapps exploit for php platform
fileexploits/php/webapps/9115.txt
idEDB-ID:9115
last seen2016-02-01
modified2009-07-10
platformphp
port
published2009-07-10
reporterdarkjoker
sourcehttps://www.exploit-db.com/download/9115/
titleDigitaldesign CMS 0.1 - Remote Database Disclosure Vulnerability
typewebapps

References