CVE-2009-2606
The CVE-2009-2606 entry concerns ASP Football Pool 2.3 where sensitive data is stored under the web root with insufficient access control, enabling remote retrieval of the NFL.mdb database file via a direct request. The core issue is improper access control on the web root, leading to exposure of...