2 matches found
CVE-2009-2022
CVE-2009-2022 affects fipsCMS Light 2.1. The issue is improper access control that allows a remote attacker to download the database file (_fipsdb/db.mdb) from the web root, exposing sensitive information. Impact is partial confidentiality. No exploitation details or fixes are provided in the con...
CVE-2008-3417
SQL injection vulnerability in fipsCMS light 2.1 and earlier affects home/index.asp by crafting the r parameter, allowing remote attackers to execute arbitrary SQL commands. Root cause is improper handling of user input in the index page. Impact is partial confidentiality, integrity, and availabi...