Vulnerabilities > Aspapps > Template Creature
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-01-23 | CVE-2008-5951 | Permissions, Privileges, and Access Controls vulnerability in Aspapps Template Creature NIL ASP Template Creature stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for workDB/templatemonster.mdb. | 5.0 |
2009-01-23 | CVE-2008-5950 | SQL Injection vulnerability in Aspapps Template Creature NIL SQL injection vulnerability in media/media_level.asp in ASP Template Creature allows remote attackers to execute arbitrary SQL commands via the mcatid parameter. | 7.5 |