CVE-2009-2606

2009-07-2714:22:00

mitre

www.cve.org

6.3 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.5%

JSON

ASP Football Pool 2.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for NFL.mdb.

References

secunia.com/advisories/35317

www.exploit-db.com/exploits/8852