CVE-2008-5935
CVE-2008-5935 affects Facto software where the database file (database/facto.mdb) is stored under the web root with insufficient access control. This allows remote attackers to retrieve the password-containing database via a direct HTTP request. The vulnerability outcome is exposure of sensitive ...