6.9 Medium
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
76.6%
Havalite CMS 1.1.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the configuration database via a direct request for data/havalite.db3.
osvdb.org/80770
packetstormsecurity.org/files/111358/Havalite-CMS-Shell-Upload-SQL-Injection-Disclosure.html
exchange.xforce.ibmcloud.com/vulnerabilities/74488