3 matches found
Improper access control
Diskos CMS 6.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for 1 artiklerprod.mdb or 2 medlemmer.mdb...
CVE-2009-4798
Multiple SQL injection vulnerabilities in Diskos CMS 6.x allow remote attackers to execute arbitrary SQL commands via the 1 kat parameter to side.asp, and the 2 brugerid and 3 password fields to the administration login feature...
CVE-2009-4799
Diskos CMS 6.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for 1 artiklerprod.mdb or 2 medlemmer.mdb...