CVE-2009-0760

2009-03-0318:00:00

mitre

www.cve.org

AI Score

6.4

Confidence

Low

EPSS

0.004

Percentile

72.3%

JSON

Team Board 1.x and 2.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for data/team.mdb.

References

packetstorm.linuxsecurity.com/0902-exploits/teamboard-ddxss.txt

secunia.com/advisories/33839

www.osvdb.org/51752

www.exploit-db.com/exploits/7982