Vulnerabilities > Aspapps > Template Creature

DATE CVE VULNERABILITY TITLE RISK
2009-01-23 CVE-2008-5951 Permissions, Privileges, and Access Controls vulnerability in Aspapps Template Creature NIL
ASP Template Creature stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for workDB/templatemonster.mdb.
network
low complexity
aspapps CWE-264
5.0
5.0
2009-01-23 CVE-2008-5950 SQL Injection vulnerability in Aspapps Template Creature NIL
SQL injection vulnerability in media/media_level.asp in ASP Template Creature allows remote attackers to execute arbitrary SQL commands via the mcatid parameter.
network
low complexity
aspapps CWE-89
7.5
7.5