Lucene search

[email protected]CVE-2008-6940

HistoryAug 12, 2009 - 10:30 a.m.

CVE-2008-6940

2009-08-1210:30:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-6940

turnkeyforms

web hosting directory

sensitive information

insufficient access control

remote attackers

database backup

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.4 Medium

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

88.9%

JSON

TurnkeyForms Web Hosting Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database backup via a direct request to admin/backup/db.

Affected configurations

NVD

Node

turnkeyformsweb_hosting_directoryMatch-

CPENameOperatorVersion
turnkeyforms:web_hosting_directoryturnkeyforms web hosting directoryeq-

CPE	Name	Operator	Version
turnkeyforms:web_hosting_directory	turnkeyforms web hosting directory	eq	-

References

osvdb.org/49839

secunia.com/advisories/32644

www.securityfocus.com/bid/32283

www.vupen.com/english/advisories/2008/3143

exchange.xforce.ibmcloud.com/vulnerabilities/46587

www.exploit-db.com/exploits/7107

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.4 Medium

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

88.9%

JSON

Related for CVE-2008-6940

nvd1 cvelist1 prion1