Vulnerabilities > Nukedit > Nukedit > 4.9.8
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-12-30 | CVE-2008-5773 | Permissions, Privileges, and Access Controls vulnerability in Nukedit 4.9.8 Nukedit 4.9.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for database/dbsite.mdb. | 5.0 |
2008-12-15 | CVE-2008-5582 | SQL Injection vulnerability in Nukedit SQL injection vulnerability in utilities/login.asp in Nukedit 4.9.x, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the email parameter. | 7.5 |