Vulnerability Details CVE-2008-0135
Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.035
EPSS Ranking 87.1%
CVSS Severity
CVSS v2 Score 5.0
References
- http://hackerscenter.com/archive/view.asp?id=28145
- http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt
- http://www.securityfocus.com/archive/1/485836/100/200/threaded
- http://www.securityfocus.com/archive/1/485894/100/200/threaded
- http://hackerscenter.com/archive/view.asp?id=28145
- http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt
- http://www.securityfocus.com/archive/1/485836/100/200/threaded
- http://www.securityfocus.com/archive/1/485894/100/200/threaded
Products affected by CVE-2008-0135
-
cpe:2.3:a:snitz_communications:snitz_forums_2000:-
-
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.0
-
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.1
-
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.2.03
-
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3
-
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.01
-
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.02
-
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.03
-
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.02
-
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.03
-
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.04
-
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.05
-
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.06