CVE-2009-1323

CVE-2009-1323 describes an SQL injection in Web File Explorer 3.1, where body.asp fails to sanitize the id parameter, allowing remote attackers to inject and execute arbitrary SQL commands. This is triggered via the id parameter in the request, enabling potential data disclosure or modification o...

CVE-2009-1495

CVE-2009-1495 affects Web File Explorer 3.1. The vulnerability is due to improper access control that stores sensitive information under the web root, allowing remote attackers to download the database (data/db.mdb) via a direct request. Documented impact is exposure of the database file; no reme...

CVE-2009-1314

The CVE-2009-1314 entry concerns body.asp in Web File Explorer 3.1, where the savefile action accepts a file parameter containing an executable extension, enabling remote attackers to create arbitrary files and execute arbitrary code. Affected component: Web File Explorer 3.1’s web interface (bod...