2 matches found
CVE-2008-5951
The CVE-2008-5951 entry concerns ASP Template Creature, where sensitive information is stored under the web root with insufficient access control. This allows remote attackers to download the database file via a direct request for workDB/templatemonster.mdb, exposing partial confidentiality (per ...
CVE-2008-5950
CVE-2008-5950 is a SQL injection vulnerability in media/media_level.asp in ASP Template Creature. The vulnerability allows remote attackers to execute arbitrary SQL commands via the mcatid parameter. According to NVD, the CVSS v2 base score is 7.5 (HIGH) with NETWORK attack vector and low complex...