CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
68.4%
Bannermatic 1, 2, and 3 stores the (1) ban.log, (2) ban.bak, (3) ban.dat and (4) banmat.pwd data files under the web document root with insufficient access control, which allows attackers to obtain sensitive information via a direct request for the files.
Vendor | Product | Version | CPE |
---|---|---|---|
joe_depasquale | bannermatic | 1.0 | cpe:2.3:a:joe_depasquale:bannermatic:1.0:*:*:*:*:*:*:* |
joe_depasquale | bannermatic | 2.0 | cpe:2.3:a:joe_depasquale:bannermatic:2.0:*:*:*:*:*:*:* |
joe_depasquale | bannermatic | 3.0 | cpe:2.3:a:joe_depasquale:bannermatic:3.0:*:*:*:*:*:*:* |