2 matches found
CVE-2009-2606
The CVE-2009-2606 entry concerns ASP Football Pool 2.3 where sensitive data is stored under the web root with insufficient access control, enabling remote retrieval of the NFL.mdb database file via a direct request. The core issue is improper access control on the web root, leading to exposure of...
CVE-2009-2606
ASP Football Pool 2.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for NFL.mdb...